ioc[.]one - OSINT Cyber Threat Intelligence Database

Show in Graph

Common Information

Type	Value
Value	rule tropictrooper_umbraco_compiled_webshells { meta: description = "Rule to detect Tropic Trooper Umbraco webshells .NET sample" author = "Kaspersky" copyright = "Kaspersky" distribution = "DISTRIBUTION IS FORBIDDEN. DO NOT UPLOAD TO ANY MULTISCANNER OR SHARE ON ANY THREAT INTEL PLATFORM" sample = "3f15c4431ad4573344ad56e8384ebd62" strings: $s1 = { 72 ?? ?? ?? ?? 28 ?? ?? ?? ?? 6F ?? ?? ?? ?? A2 25 1F 0A 72 ?? ?? ?? ?? A2 25 1F 0B 72 ?? ?? ?? ?? A2 25 1F 0C 72 ?? ?? ?? ?? A2 25 1F 0D 72 ?? ?? ?? ?? A2 25 1F 0E 72 ?? ?? ?? ?? A2 25 1F 0F 72 ?? ?? ?? ?? A2 25 1F 10 72 ?? ?? ?? ?? A2 25 1F 11 72 ?? ?? ?? ?? A2 25 1F 12 72 ?? ?? ?? ?? A2 25 1F 13 72 ?? ?? ?? ?? A2 25 1F 14 72 ?? ?? ?? ?? A2 25 1F 15 72 ?? ?? ?? ?? A2 25 1F 16 72 ?? ?? ?? ?? A2 25 1F 17 72 ?? ?? ?? ?? A2 25 1F 18 72 ?? ?? ?? ?? A2 } condition: $s1 and filesize < 1MB }
Category
Type	Yara Rule
Misp Type
Description

Details		Published	Attributes	CTI		Title
Details	Website	2024-09-05	56			Tropic Trooper spies on government entities in the Middle East