Dark Web Profile: Tropic Trooper (APT23) - SOCRadar® Cyber Intelligence Inc.
Tags
cmtmf-attack-pattern: Application Layer Protocol; Automated Exfiltration; Boot Or Logon Autostart Execution; Command And Scripting Interpreter; Exploit Public-Facing Application; Masquerading; Obfuscated Files Or Information; System Network Connections Discovery
country: China; Hong Kong; Philippines; Taiwan
maec-delivery-vectors: Watering Hole
attack-pattern: Data Software Discovery - T1418; Application Layer Protocol - T1437; Boot Or Logon Autostart Execution - T1547; Clear Windows Event Logs - T1070.001; Command And Scripting Interpreter - T1623; Create Or Modify System Process - T1543; Credentials - T1589.001; Credentials In Registry - T1552.002; Data From Local System - T1533; Dll Side-Loading - T1574.002; Domain Account - T1087.002; Domain Account - T1136.002; Domain Trust Discovery - T1482; Domains - T1583.001; Domains - T1584.001; Dynamic-Link Library Injection - T1055.001; Exfiltration To Cloud Storage - T1567.002; Exploit Public-Facing Application - T1377; Exploitation For Client Execution - T1658; Exploits - T1587.004; Exploits - T1588.005; File And Directory Discovery - T1420; Hidden Files And Directories - T1564.001; Hide Artifacts - T1628; Hide Artifacts - T1564; Hijack Execution Flow - T1625; Hijack Execution Flow - T1574; Indicator Removal On Host - T1630; Internal Proxy - T1090.001; Local Accounts - T1078.003; System Network Configuration Discovery - T1422; System Network Connections Discovery - T1421; Lsass Memory - T1003.001; Malicious File - T1204.002; Malware - T1587.001; Malware - T1588.001; Masquerading - T1655; Match Legitimate Name Or Location - T1036.005; Match Legitimate Name Or Location - T1655.001; Obfuscated Files Or Information - T1406; System Information Discovery - T1426; Multi-Factor Authentication - T1556.006; Phishing - T1660; Phishing - T1566; Powershell - T1059.001; Registry Run Keys / Startup Folder - T1547.001; Rundll32 - T1218.011; Security Software Discovery - T1518.001; Server - T1583.004; Server - T1584.004; Server Software Component - T1505; Service Execution - T1569.002; Smb/Windows Admin Shares - T1021.002; Software - T1592.002; Software Discovery - T1518; Software Packing - T1027.002; Software Packing - T1406.002; Spearphishing Attachment - T1566.001; System Services - T1569; Windows Command Shell - T1059.003; Web Protocols - T1071.001; Web Protocols - T1437.001; Web Shell - T1505.003; Windows Service - T1543.003; Tool - T1588.002; Vulnerabilities - T1588.006; Vulnerability Scanning - T1595.002; Account Discovery - T1087; Standard Application Layer Protocol - T1071; Automated Exfiltration - T1020; Bits Jobs - T1197; Command-Line Interface - T1059; Connection Proxy - T1090; Credential Dumping - T1003; Credentials In Registry - T1214; Data From Local System - T1005; Deobfuscate/Decode Files Or Information - T1140; Dll Side-Loading - T1073; Exploit Public-Facing Application - T1190; Exploitation For Client Execution - T1203; File And Directory Discovery - T1083; Hidden Files And Directories - T1158; Indicator Removal On Host - T1070; Masquerading - T1036; Standard Non-Application Layer Protocol - T1095; Obfuscated Files Or Information - T1027; Powershell - T1086; Registry Run Keys / Start Folder - T1060; Remote Services - T1021; Rundll32 - T1085; Service Execution - T1035; Signed Binary Proxy Execution - T1218; Software Packing - T1045; System Information Discovery - T1082; System Network Configuration Discovery - T1016; System Network Connections Discovery - T1049; System Owner/User Discovery - T1033; Valid Accounts - T1078; Web Shell - T1100; User Execution - T1204; Exploit Public-Facing Application; Indicator Removal On Host; Masquerading; Valid Accounts; User Execution
Common Information
Type Value
UUID 07e17dbd-eeee-43ac-87b3-14313fda3d35
Fingerprint 7dc34dc2c4d4b7f1
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 1, 2024, 2:23 p.m.
Added to db Nov. 1, 2024, 12:24 p.m.
Last updated Dec. 11, 2024, 12:13 a.m.
Headline Dark Web Profile: Tropic Trooper (APT23)
Title Dark Web Profile: Tropic Trooper (APT23) - SOCRadar® Cyber Intelligence Inc.
Detected Hints/Tags/Attributes 205/4/39
RSS Feed
Id   Enabled  Feed title                                             Url                              Added to db
158           Malware Analysis, News and Indicators - Latest topics  https://malware.news/latest.rss  2024-08-30 22:08
238           SOCRadar® Cyber Intelligence Inc.                      https://socradar.io/feed/        2024-08-30 22:08
Attributes
Type                           #Events  CTI  Value
CVE                            40            cve-2023-26360
File                           5             datast.dll
File                           89            version.dll
MITRE ATT&CK Techniques        554           T1190
MITRE ATT&CK Techniques        324           T1566.001
MITRE ATT&CK Techniques        482           T1059.001
MITRE ATT&CK Techniques        352           T1059.003
MITRE ATT&CK Techniques        180           T1569.002
MITRE ATT&CK Techniques        183           T1543.003
MITRE ATT&CK Techniques        234           T1574.002
MITRE ATT&CK Techniques        104           T1505.003
MITRE ATT&CK Techniques        510           T1140
MITRE ATT&CK Techniques        92            T1070.001
MITRE ATT&CK Techniques        164           T1027.002
MITRE ATT&CK Techniques        122           T1218.011
MITRE ATT&CK Techniques        186           T1036.005
MITRE ATT&CK Techniques        177           T1003.001
MITRE ATT&CK Techniques        23            T1552.002
MITRE ATT&CK Techniques        143           T1021.002
MITRE ATT&CK Techniques        103           T1087.002
MITRE ATT&CK Techniques        124           T1482
MITRE ATT&CK Techniques        598           T1083
MITRE ATT&CK Techniques        542           T1005
MITRE ATT&CK Techniques        461           T1071.001
MITRE ATT&CK Techniques        160           T1095
MITRE ATT&CK Techniques        35            T1090.001
MITRE ATT&CK Techniques        102           T1567.002
MITRE ATT&CK Techniques        107           T1020
MITRE ATT&CK Techniques        397           T1547.001
MITRE ATT&CK Techniques        252           T1203
MITRE ATT&CK Techniques        98            T1564.001
MITRE ATT&CK Techniques        145           T1518.001
MITRE ATT&CK Techniques        1022          T1082
MITRE ATT&CK Techniques        249           T1016
MITRE ATT&CK Techniques        121           T1049
MITRE ATT&CK Techniques        232           T1033
MITRE ATT&CK Techniques        380           T1204.002
MITRE ATT&CK Techniques        43            T1078.003
Threat Actor Identifier - APT  16            APT23