Tropic Trooper

Threat Actor updated 2 days ago (2024-09-05T13:17:47.128Z)
Tropic Trooper, also known as KeyBoy and Pirate Panda, is a threat actor group that has been active since 2011. It has been linked to numerous cyber attacks, primarily against industries in Asia: manufacturing, semiconductors, materials and composites, technology, chemicals, and medical research related to Covid-19. The group employs sophisticated techniques, including the use of the MQTT protocol, more commonly seen in Internet of Things (IoT) devices, for network communication with its C2. Its malware encodes configuration files with the same algorithm observed in the 2013 versions of KeyBoy. The cybersecurity community has detected significant overlaps between the infrastructure used by Tropic Trooper and that of other threat actors such as TA413. The discovery of the China Chopper web shell prompted an investigation into Tropic Trooper's activities, which turned up further samples written by the group, third-party tools used in the post-exploitation phase, and a loader previously attributed to Tropic Trooper, indicating continued activity and evolving techniques. Based on this evidence, the relationship between Tropic Trooper and the FamousSparrow group, reported by ESET in 2021, is being reassessed; some industry reports link the two groups, suggesting possible collaboration or shared resources. As the threat landscape continues to evolve, understanding the connections between different threat actors will be crucial for developing effective defensive strategies.
Description last updated: 2024-09-05T13:17:06.877Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
KeyBoy | 3 | KeyBoy is a form of malware, a harmful software designed to exploit and damage computer systems. It infects systems through various means such as suspicious downloads, emails, or websites. Once inside a system, it can steal personal information, disrupt operations, or hold data hostage for ransom. K
Pirate Panda | 2 | Pirate Panda, also known as Tropic Trooper or Keyboy, is a recognized threat actor group that has been active since 2011. As part of the complex landscape of cyber threats, Pirate Panda exhibits significant malicious intent and activity. This group is particularly notable for its operational overlap
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Malware
Exploit
Espionage
Loader
Apt
Analyst Notes & Discussion
Source Document References
Information about the Tropic Trooper Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
DARKReading | 2 days ago | Chinese 'Tropic Trooper' APT Targets Mideast Governments
Securelist | 2 days ago | New malicious web shell from the Tropic Trooper group is found in the Middle East
CERT-EU | a year ago | Virus Bulletin :: Teasing the secrets from threat actors: malware configuration extractors
CERT-EU | a year ago | My Tea's not cold : an overview of China's cyber threat – Global Security Mag Online
MITRE | 2 years ago | Covid-19 Cybersecurity Challenges & Recommendations | CrowdStrike
MITRE | 2 years ago | Tropic Trooper’s New Strategy
MITRE | 2 years ago | Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy
MITRE | 2 years ago | It’s Parliamentary: KeyBoy and the targeting of the Tibetan Community - The Citizen Lab
Recorded Future | 2 years ago | Chinese State-Sponsored Group TA413 Adopts New Capabilities in Pursuit of Tibetan Targets | Recorded Future