ioc[.]one - OSINT Cyber Threat Intelligence Database

Dark Web Profile: Tropic Trooper (APT23) - SOCRadar® Cyber Intelligence Inc.

Tags

cmtmf-attack-pattern:	Application Layer Protocol Automated Exfiltration Boot Or Logon Autostart Execution Command And Scripting Interpreter Exploit Public-Facing Application Masquerading Obfuscated Files Or Information System Network Connections Discovery
country:	China Hong Kong Philippines Taiwan
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Software Discovery - T1418 Application Layer Protocol - T1437 Boot Or Logon Autostart Execution - T1547 Clear Windows Event Logs - T1070.001 Command And Scripting Interpreter - T1623 Create Or Modify System Process - T1543 Credentials - T1589.001 Credentials In Registry - T1552.002 Data From Local System - T1533 Dll Side-Loading - T1574.002 Domain Account - T1087.002 Domain Account - T1136.002 Domain Trust Discovery - T1482 Domains - T1583.001 Domains - T1584.001 Dynamic-Link Library Injection - T1055.001 Exfiltration To Cloud Storage - T1567.002 Exploit Public-Facing Application - T1377 Exploitation For Client Execution - T1658 Exploits - T1587.004 Exploits - T1588.005 File And Directory Discovery - T1420 Hidden Files And Directories - T1564.001 Hide Artifacts - T1628 Hide Artifacts - T1564 Hijack Execution Flow - T1625 Hijack Execution Flow - T1574 Indicator Removal On Host - T1630 Internal Proxy - T1090.001 Local Accounts - T1078.003 System Network Configuration Discovery - T1422 System Network Connections Discovery - T1421 Lsass Memory - T1003.001 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Match Legitimate Name Or Location - T1036.005 Match Legitimate Name Or Location - T1655.001 Obfuscated Files Or Information - T1406 System Information Discovery - T1426 Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Registry Run Keys / Startup Folder - T1547.001 Rundll32 - T1218.011 Security Software Discovery - T1518.001 Server - T1583.004 Server - T1584.004 Server Software Component - T1505 Service Execution - T1569.002 Smb/Windows Admin Shares - T1021.002 Software - T1592.002 Software Discovery - T1518 Software Packing - T1027.002 Software Packing - T1406.002 Spearphishing Attachment - T1566.001 System Services - T1569 Windows Command Shell - T1059.003 Web Protocols - T1071.001 Web Protocols - T1437.001 Web Shell - T1505.003 Windows Service - T1543.003 Tool - T1588.002 Vulnerabilities - T1588.006 Vulnerability Scanning - T1595.002 Account Discovery - T1087 Standard Application Layer Protocol - T1071 Automated Exfiltration - T1020 Bits Jobs - T1197 Command-Line Interface - T1059 Connection Proxy - T1090 Credential Dumping - T1003 Credentials In Registry - T1214 Data From Local System - T1005 Deobfuscate/Decode Files Or Information - T1140 Dll Side-Loading - T1073 Exploit Public-Facing Application - T1190 Exploitation For Client Execution - T1203 File And Directory Discovery - T1083 Hidden Files And Directories - T1158 Indicator Removal On Host - T1070 Masquerading - T1036 Standard Non-Application Layer Protocol - T1095 Obfuscated Files Or Information - T1027 Powershell - T1086 Registry Run Keys / Start Folder - T1060 Remote Services - T1021 Rundll32 - T1085 Service Execution - T1035 Signed Binary Proxy Execution - T1218 Software Packing - T1045 System Information Discovery - T1082 System Network Configuration Discovery - T1016 System Network Connections Discovery - T1049 System Owner/User Discovery - T1033 Valid Accounts - T1078 Web Shell - T1100 User Execution - T1204 Exploit Public-Facing Application Indicator Removal On Host Masquerading Valid Accounts User Execution

Show in Graph

Common Information

Type	Value
UUID	07e17dbd-eeee-43ac-87b3-14313fda3d35
Fingerprint	7dc34dc2c4d4b7f1
Analysis status	DONE
Considered CTI value	2
Text language
Published	Nov. 1, 2024, 2:23 p.m.
Added to db	Nov. 1, 2024, 12:24 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Dark Web Profile: Tropic Trooper (APT23)
Title	Dark Web Profile: Tropic Trooper (APT23) - SOCRadar® Cyber Intelligence Inc.
Detected Hints/Tags/Attributes	205/4/39

Source URLs

	Redirection	Url
Details	Source	https://socradar.io/dark-web-profile-tropic-trooper-apt23/
Details	Source	https://malware.news/t/dark-web-profile-tropic-trooper-apt23/88038

URL Provider

Details	Provider	Source level domain
Details	malware.news	malware.news
Details	socradar.io	socradar.io

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	158	✔	Malware Analysis, News and Indicators - Latest topics	https://malware.news/latest.rss	2024-08-30 22:08
Details	238	✔	SOCRadar® Cyber Intelligence Inc.	https://socradar.io/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CVE	39	cve-2023-26360
Details	File	5	datast.dll
Details	File	89	version.dll
Details	MITRE ATT&CK Techniques	542	T1190
Details	MITRE ATT&CK Techniques	310	T1566.001
Details	MITRE ATT&CK Techniques	460	T1059.001
Details	MITRE ATT&CK Techniques	333	T1059.003
Details	MITRE ATT&CK Techniques	174	T1569.002
Details	MITRE ATT&CK Techniques	180	T1543.003
Details	MITRE ATT&CK Techniques	227	T1574.002
Details	MITRE ATT&CK Techniques	104	T1505.003
Details	MITRE ATT&CK Techniques	504	T1140
Details	MITRE ATT&CK Techniques	92	T1070.001
Details	MITRE ATT&CK Techniques	160	T1027.002
Details	MITRE ATT&CK Techniques	119	T1218.011
Details	MITRE ATT&CK Techniques	183	T1036.005
Details	MITRE ATT&CK Techniques	173	T1003.001
Details	MITRE ATT&CK Techniques	23	T1552.002
Details	MITRE ATT&CK Techniques	139	T1021.002
Details	MITRE ATT&CK Techniques	99	T1087.002
Details	MITRE ATT&CK Techniques	124	T1482
Details	MITRE ATT&CK Techniques	585	T1083
Details	MITRE ATT&CK Techniques	534	T1005
Details	MITRE ATT&CK Techniques	442	T1071.001
Details	MITRE ATT&CK Techniques	159	T1095
Details	MITRE ATT&CK Techniques	35	T1090.001
Details	MITRE ATT&CK Techniques	100	T1567.002
Details	MITRE ATT&CK Techniques	102	T1020
Details	MITRE ATT&CK Techniques	380	T1547.001
Details	MITRE ATT&CK Techniques	245	T1203
Details	MITRE ATT&CK Techniques	94	T1564.001
Details	MITRE ATT&CK Techniques	141	T1518.001
Details	MITRE ATT&CK Techniques	1006	T1082
Details	MITRE ATT&CK Techniques	245	T1016
Details	MITRE ATT&CK Techniques	119	T1049
Details	MITRE ATT&CK Techniques	230	T1033
Details	MITRE ATT&CK Techniques	365	T1204.002
Details	MITRE ATT&CK Techniques	43	T1078.003
Details	Threat Actor Identifier - APT	16	APT23