Tropic Trooper
Aliases: Pirate Panda, KeyBoy
Tropic Trooper is an unaffiliated threat group that has led targeted campaigns against targets in Taiwan, the Philippines, and Hong Kong. Tropic Trooper focuses on targeting government, healthcare, transportation, and high-tech industries and has been active since 2011.
ATT&CK techniques
T1543.003 Windows Service
T1070.004 File Deletion
T1566.001 Spearphishing Attachment
T1105 Ingress Tool Transfer
T1057 Process Discovery
T1204.002 Malicious File
T1573 Encrypted Channel
T1071.001 Web Protocols
T1564.001 Hidden Files and Directories
T1221 Template Injection
T1033 System Owner/User Discovery
T1046 Network Service Discovery
T1016 System Network Configuration Discovery
T1052.001 Exfiltration over USB
T1547.001 Registry Run Keys / Startup Folder
T1505.003 Web Shell
T1573.002 Asymmetric Cryptography
T1059.003 Windows Command Shell
T1106 Native API
T1574.002 DLL Side-Loading
T1083 File and Directory Discovery
T1027.013 Encrypted/Encoded File
T1036.005 Match Legitimate Name or Location
T1132.001 Standard Encoding
T1078.003 Local Accounts
T1547.004 Winlogon Helper DLL
T1203 Exploitation for Client Execution
T1071.004 DNS
T1119 Automated Collection
T1055.001 Dynamic-link Library Injection
T1020 Automated Exfiltration
T1135 Network Share Discovery
T1082 System Information Discovery
T1518.001 Security Software Discovery
T1140 Deobfuscate/Decode Files or Information
T1049 System Network Connections Discovery
T1027.003 Steganography
T1518 Software Discovery
T1091 Replication Through Removable Media
T1197 BITS Jobs