TropicTrooper Campaign November 2018

Jun 20, 2023 · attack.execution attack.t1059.001 detection.emerging_threats ·

Detects TropicTrooper activity, an actor who targeted high-profile organizations in the energy and food and beverage sectors in Asia

Sigma rule (View on GitHub)

 1title: TropicTrooper Campaign November 2018
 2id: 8c7090c3-e0a0-4944-bd08-08c3a0cecf79
 3status: stable
 4description: Detects TropicTrooper activity, an actor who targeted high-profile organizations in the energy and food and beverage sectors in Asia
 5references:
 6    - https://www.microsoft.com/en-us/security/blog/2018/11/28/windows-defender-atp-device-risk-score-exposes-new-cyberattack-drives-conditional-access-to-protect-networks/
 7author: '@41thexplorer, Microsoft Defender ATP'
 8date: 2019/11/12
 9modified: 2020/08/27
10tags:
11    - attack.execution
12    - attack.t1059.001
13    - detection.emerging_threats
14logsource:
15    category: process_creation
16    product: windows
17detection:
18    selection:
19        CommandLine|contains: 'abCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCc'
20    condition: selection
21level: high

References

https://www.microsoft.com/en-us/security/blog/2018/11/28/windows-defender-atp-device-risk-score-exposes-new-cyberattack-drives-conditional-access-to-protect-networks/

Read More

TropicTrooper Campaign November 2018

Sigma rule (View on GitHub)

References

https://www.microsoft.com/en-us/security/blog/2018/11/28/windows-defender-atp-device-risk-score-exposes-new-cyberattack-drives-conditional-access-to-protect-networks/

Related rules