Tropic Trooper, a Chinese-speaking APT group active since 2011, has expanded its operations to target government entities in the Middle East. The group deployed a new variant of the China Chopper web shell on a compromised Umbraco CMS server, along with other post-exploitation tools and backdoor implants. The attackers used DLL search-order hijacking to load malicious payloads, including a loader called Crowdoor. The campaign focused on cyber espionage, targeting systems related to human rights studies in the region. This marks a strategic shift for Tropic Trooper, previously known for targeting Southeast Asian countries.
Author: AlienVault
Related Tags:
umbraco cms
ByPassGodzilla
Neo-reGeorg
Swor
Crowdoor
china chopper
T1588.002
Malaysia
T1547.001
Associated Indicators:
8DF9FA495892FC3D183917162746EF8FD9E438FF0D639264236DB553B09629DC
9BA6C63E29B26174E52A519C1AFE7A4401E65485FD6CE6A2D574D910DD1D8D22
311D1D50673FBFC40B84D94239CD4FA784269465
69112C87F67DD2A0BE79E57323AEB28874D5FB08
3650899C669986E5F4363FDBD6CF5B78A6FCD484
4F950683F333F5ED779D70EB38CDADCF
149A9E24DBE347C4AF2DE8D135AA4B76
1DD03936BAF0FE95B7E5B54A9DD4A577
A213873EB55DC092DDF3ADBEB242BD44