“is a ZIP archive containing military-themed document lures to launch the rogue version of SumatraPDF, which is then used to display a decoy PDF document, while simultaneously retrieving encrypted shellcode from a staging server to launch AdaptixC2 Beacon. To accomplish this, th…”
T1204.002 Malicious File (87%)
“Tropic Trooper uses trojanized SumatraPDF and GitHub to deploy AdaptixC2. Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abus…”
T1572 Protocol Tunneling (43%)
“up VS Code tunnels for remote access. On select machines, the threat actor has been found to install alternative, trojanized applications, likely in an attempt to better camouflage their actions. What's more, the staging server involved in the intrusion ("158.247.193[.]10…”
Summary
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access.
Zscaler ThreatLabz, which discovered the campaign last month, has attributed it with high confidence to Tropic Trooper (aka