Tropic Trooper spies on government entities in the Middle East
UUID 47c65f9f-1264-476d-8e06-7f12f269e96e
Fingerprint cc11d0acdfd06c0
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 5, 2024, 8:05 a.m.
Added to db Sept. 5, 2024, 10:57 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Tropic Trooper spies on government entities in the Middle East
Title Tropic Trooper spies on government entities in the Middle East
Detected Hints/Tags/Attributes 95/3/56
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 158 Malware Analysis, News and Indicators - Latest topics https://malware.news/latest.rss 2024-08-30 22:08
Details 223 Securelist https://securelist.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 168
cve-2021-34473
Details CVE 142
cve-2021-34523
Details CVE 143
cve-2021-31207
Details CVE 39
cve-2023-26360
Details Domain 285
microsoft.net
Details Domain 397
asp.net
Details Domain 4
blog.techmersion.com
Details Domain 2
techmersion.com
Details File 1
app_web_dentsd54.dll
Details File 6
i.bat
Details File 156
1.exe
Details File 5
datast.dll
Details File 89
version.dll
Details File 19
a.bat
Details File 3
datastate.dll
Details File 3
winstore.exe
Details File 16
colorcpl.exe
Details File 3
inst.exe
Details File 269
msiexec.exe
Details md5 2
3f15c4431ad4573344ad56e8384ebd62
Details md5 3
a213873eb55dc092ddf3adbeb242bd44
Details md5 1
fca94b8b718357143c53620c6b360470
Details md5 2
fd8382efb0a16225896d584da56c182c
Details md5 2
1dd03936baf0fe95b7e5b54a9dd4a577
Details md5 3
8a900f742d0e3cd3898f37dbc3d6e054
Details md5 2
dd7593e9ba80502505c958b9bbbf2838
Details md5 2
2c7ebd103514018bad223f25026d4db3
Details md5 1
c10643b3fb304972c650e593b69faaa1
Details md5 2
e845563ba35e8d227152165b0c3e769f
Details md5 2
0b9ae998423a207f021f8e61b93bc849
Details md5 1
475aa86ae60c640eec4fdea93b5ed04d
Details md5 1
3F15C4431AD4573344AD56E8384EBD62
Details md5 1
78B47DDA664545542ED3ABE17400C354
Details md5 1
3B7721715B2842CDFF0AB72BD605A0CE
Details md5 1
868B8A5012E0EB9A48D2DAF7CB7A5D87
Details md5 1
149A9E24DBE347C4AF2DE8D135AA4B76
Details md5 1
103E4C2E4EE558D130C8B59BFD66B4FB
Details md5 1
E0D9215F64805E0BFF03F4DC796FE52E
Details md5 1
27C558BD42744CDDC9EDB3FA597D0510
Details md5 1
4F950683F333F5ED779D70EB38CDADCF
Details md5 1
FD8382EFB0A16225896D584DA56C182C
Details md5 1
1DD03936BAF0FE95B7E5B54A9DD4A577
Details md5 1
8A900F742D0E3CD3898F37DBC3D6E054
Details md5 1
A213873EB55DC092DDF3ADBEB242BD44
Details md5 1
DD7593E9BA80502505C958B9BBBF2838
Details md5 1
2C7EBD103514018BAD223F25026D4DB3
Details md5 1
0B9AE998423A207F021F8E61B93BC849
Details md5 1
E845563BA35E8D227152165B0C3E769F
Details sha1 1
311d1d50673fbfc40b84d94239cd4fa784269465
Details sha1 1
3650899c669986e5f4363fdbd6cf5b78a6fcd484
Details sha256 1
8df9fa495892fc3d183917162746ef8fd9e438ff0d639264236db553b09629dc
Details sha256 1
23dea3a74e3ff6a367754d02466db4c86ffda47efe09529d3aad52b0d5694b30
Details IPv4 1
51.195.37.155
Details IPv4 2
162.19.135.182
Details Windows Registry Key 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Runwith
Details Yara rule 1
// Detection for the Tropic Trooper Umbraco webshell (.NET assembly) as published
// by Kaspersky. The `sample` meta field is the MD5 of the reference sample; the
// `distribution` restriction is part of the rule as released and is kept verbatim.
rule tropictrooper_umbraco_compiled_webshells {
	meta:
		description = "Rule to detect Tropic Trooper Umbraco webshells .NET sample"
		author = "Kaspersky"
		copyright = "Kaspersky"
		distribution = "DISTRIBUTION IS FORBIDDEN. DO NOT UPLOAD TO ANY MULTISCANNER OR SHARE ON ANY THREAT INTEL PLATFORM"
		sample = "3f15c4431ad4573344ad56e8384ebd62"
	strings:
		// CIL (managed code) byte sequence. Reading the fixed opcodes:
		// 72 = ldstr, 28 = call, 6F = callvirt, A2 = stelem.ref, 25 = dup,
		// 1F xx = ldc.i4.s. The repeating "A2 25 1F <idx> 72 ?? ?? ?? ??" unit
		// therefore looks like compiled code storing string literals into
		// consecutive array slots (indices 0x0A through 0x18).
		// The ?? wildcards stand in for metadata tokens, which differ per
		// compilation, so the pattern is meant to survive rebuilt assemblies —
		// NOTE(review): that tolerance is inferred from the wildcard placement,
		// not confirmed against a second sample.
		$s1 = { 72 ?? ?? ?? ?? 28 ?? ?? ?? ?? 6F ?? ?? ?? ?? A2 25 1F 0A 72 ?? ?? ?? ?? A2 25 1F 0B 72 ?? ?? ?? ?? A2 25 1F 0C 72 ?? ?? ?? ?? A2 25 1F 0D 72 ?? ?? ?? ?? A2 25 1F 0E 72 ?? ?? ?? ?? A2 25 1F 0F 72 ?? ?? ?? ?? A2 25 1F 10 72 ?? ?? ?? ?? A2 25 1F 11 72 ?? ?? ?? ?? A2 25 1F 12 72 ?? ?? ?? ?? A2 25 1F 13 72 ?? ?? ?? ?? A2 25 1F 14 72 ?? ?? ?? ?? A2 25 1F 15 72 ?? ?? ?? ?? A2 25 1F 16 72 ?? ?? ?? ?? A2 25 1F 17 72 ?? ?? ?? ?? A2 25 1F 18 72 ?? ?? ?? ?? A2 }
	condition:
		// The 1 MB cap bounds scan cost and excludes larger assemblies outright.
		// $s1 is the only discriminator, so a hit is a triage lead to confirm
		// (e.g. by checking the matched file's hash against the listed IoCs),
		// not proof of compromise on its own.
		$s1 and filesize < 1MB
}