Tropic Trooper's Silent Attack: A Destructive Cyber Campaign Against Human Rights Organizations


Tags: Tropic Trooper, Human Rights Under Attack, Umbraco, USBferry, Malware, PIRATE PANDA

Tropic Trooper is a formidable force in the cyber realm, renowned for its expertise in espionage and data theft. The group's sophisticated attacks have made it a significant threat to sensitive targets, including governments, military organizations and human rights defenders, particularly in the Asia-Pacific region. In their latest campaign, they targeted human rights organizations and attempted to infiltrate air-gapped systems using new web shells and USB-based malware.

Indicators of Compromise

Domains (2)

- techmersion.com
- blog.techmersion.com

Hashes (26)


IPv4 (2)

- 51.195.37.155
- 162.19.135.182

APT Groups

Pirate Panda


Notes

<span id="docs-internal-guid-b9899627-7fff-29ec-a8f5-fc67fce127c3"><div><b>CONCLUSION</b></div>
<p>The Tropic Trooper campaign serves as a clear example of the persistent and evolving nature of advanced cyber espionage operations. Since its discovery in 2011, the group has systematically targeted critical sectors, including government agencies, healthcare systems, high-tech industries, and human rights organizations, with a particular focus on regions such as Taiwan, Hong Kong, and the Philippines. The group’s use of both traditional and innovative methods, including USB-based malware (USBferry) and DNS command and control (C2) communication, highlights its increasing level of technical expertise.</p>
<p>Tropic Trooper’s reliance on web shells, the use of side-loaded dynamic-link libraries (DLLs), and the exploitation of vulnerabilities in popular software applications such as Microsoft Office reveal the group’s capability to bypass conventional security defenses. The group’s focus on targeting air-gapped systems and using spearphishing techniques demonstrates the need for robust cybersecurity measures in organizations dealing with highly sensitive data.</p>
<p>To effectively counter such threats, organizations must adopt comprehensive, layered security strategies. The <a href="https://socradar.io/products/extended-threat-intelligence/">SOCRadar Extended Threat Intelligence</a> product offers a thorough approach, integrating advanced services like <a href="https://socradar.io/products/dark-web-monitoring/">Dark Web Monitoring</a>, <a href="https://socradar.io/products/cyber-threat-intelligence/">Cyber Threat Intelligence</a>, and <a href="https://socradar.io/products/attack-surface-management/">Attack Surface Management</a> to provide real-time insights and early detection of emerging threats. These tools help organizations track adversarial movements, assess vulnerabilities, and address security gaps before they can be exploited.</p>
<p>The complexity and targeted nature of Tropic Trooper’s operations pose a significant risk to national security and human rights. To mitigate such risks, organizations should implement enhanced security frameworks that include continuous monitoring, endpoint protection, and regular assessments of vulnerabilities.</p>
<p>As cyber espionage and warfare continue to expand, particularly in politically and economically strategic regions, <a href="https://socradar.io/labs/campaigns/">campaigns</a> like Tropic Trooper underscore the need for international collaboration and intelligence sharing within the cybersecurity field. By leveraging threat intelligence solutions such as those provided by <a href="https://socradar.io/">SOCRadar</a>, organizations can enhance their ability to detect and respond to these advanced persistent threats, significantly improving their overall cybersecurity resilience.</p></span>
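The "continuous monitoring" the conclusion calls for can be made concrete against the behaviours listed in the technique table in the Mitigation section below. The following Python script is an added example written for this page (not SOCRadar's code and not a tool recovered from the campaign): it scans constructed Sysmon-style JSON events for a Winlogon\Shell value other than explorer.exe (T1547.004), a shortcut written to a Startup folder (T1547.001), and DNS queries whose leftmost label looks like encoded data rather than a hostname (T1071.004). Field names follow Sysmon's schema (EventID 13 registry set, 11 file create, 22 DNS query; HKCU appears as HKU\<SID>); the sample records, the `example.invalid` domain and the length/entropy thresholds are constructed for illustration.

```python
import json
import math
import re

# Constructed Sysmon-style events as JSON lines (not telemetry from the campaign):
# EventID 13 = registry value set, 11 = file create, 22 = DNS query.
# Sysmon records HKCU keys under HKU\<SID>, so the Winlogon path is written that way.
SAMPLE_EVENTS = r"""
{"EventID": 13, "Image": "C:\\Windows\\System32\\reg.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell", "Details": "explorer.exe"}
{"EventID": 13, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\upd.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell", "Details": "explorer.exe, C:\\Users\\alice\\AppData\\Roaming\\svc\\loader.exe"}
{"EventID": 11, "Image": "C:\\Windows\\explorer.exe", "TargetFilename": "C:\\Users\\alice\\Documents\\report.docx"}
{"EventID": 11, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\upd.exe", "TargetFilename": "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.lnk"}
{"EventID": 22, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "QueryName": "www.example.com"}
{"EventID": 22, "Image": "C:\\Users\\alice\\AppData\\Roaming\\svc\\loader.exe", "QueryName": "aGVsbG8gd29ybGQgdGhpcyBpcyBhIHRlc3Q.c2.example.invalid"}
"""

WINLOGON_SHELL = re.compile(r"\\Winlogon\\Shell$", re.IGNORECASE)
STARTUP_LNK = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.lnk$", re.IGNORECASE)


def shannon_entropy(text: str) -> float:
    """Bits per character; base64 blobs score well above ordinary hostnames."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def check_winlogon_shell(ev: dict):
    """T1547.004: the Winlogon Shell value should only ever be 'explorer.exe'."""
    if ev.get("EventID") != 13 or not WINLOGON_SHELL.search(ev.get("TargetObject", "")):
        return None
    if ev.get("Details", "").strip().lower() == "explorer.exe":
        return None
    return ("T1547.004", f"Winlogon Shell set to {ev['Details']!r} by {ev.get('Image')}")


def check_startup_shortcut(ev: dict):
    """T1547.001: a .lnk dropped into a Startup folder is a persistence candidate."""
    if ev.get("EventID") != 11:
        return None
    path = ev.get("TargetFilename", "")
    if not STARTUP_LNK.search(path):
        return None
    return ("T1547.001", f"shortcut written to Startup folder {path} by {ev.get('Image')}")


def check_dns_tunnel(ev: dict, min_len: int = 20, min_entropy: float = 3.5):
    """T1071.004 heuristic: a long, high-entropy leftmost label looks like encoded
    data carried in a DNS query rather than a hostname. Thresholds are illustrative
    and should be tuned against the organisation's own DNS baseline."""
    if ev.get("EventID") != 22:
        return None
    label = ev.get("QueryName", "").split(".")[0]
    if len(label) >= min_len and shannon_entropy(label) >= min_entropy:
        return ("T1071.004", f"suspicious DNS label {label!r} from {ev.get('Image')}")
    return None


CHECKS = (check_winlogon_shell, check_startup_shortcut, check_dns_tunnel)


def scan(jsonl: str) -> list:
    """Run every check over each JSON-line event; return (technique, message) hits."""
    findings = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        for check in CHECKS:
            hit = check(event)
            if hit is not None:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for technique, message in scan(SAMPLE_EVENTS):
        print(f"[{technique}] {message}")
```

Against the constructed events the benign registry write, document save and browser lookup pass silently and the three adversary-style events each produce one finding.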

Mitigation

<span id="docs-internal-guid-717e825d-7fff-b309-c998-d90ae7ba0b41"><div style="line-height: 1.44; margin-top: 0pt; margin-bottom: 6pt;"><span style="font-size: 13pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">MITIGATION</span></div><div style="line-height: 1.44; margin-top: 0pt; margin-bottom: 6pt;"><span style="font-size: 13pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper</span></div><p style="line-height: 1.38; margin-right: -11pt; margin-top: 0pt; margin-bottom: 12pt;"><a href="https://attack.mitre.org/groups/G0081"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(57, 67, 76); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> is an unaffiliated threat group that has led targeted campaigns against targets in Taiwan, the &nbsp; &nbsp; &nbsp; Philippines, and Hong Kong. 
</span><a href="https://attack.mitre.org/groups/G0081"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(79, 124, 172); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper</span></a><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(57, 67, 76); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"> focuses on targeting government, healthcare, transportation, and high-tech industries and has been active since 2011</span></p><div style="margin-left:0pt;" align="left"><table style="border:none;border-collapse:collapse;"><colgroup><col><col><col></colgroup><tbody><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Domain ID</span></p></td><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; 
font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Name</span></p></td><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Use</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1071"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1071.001</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1071"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; 
font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Application Layer Protocol: Web Protocols</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has used HTTP in communication with the C2.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1071/004"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1071.004</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1071"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; 
font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Application Layer Protocol: DNS</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper's backdoor has communicated to the C2 over the DNS protocol.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1119"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1119</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1119"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: 
underline; vertical-align: baseline;">Automated Collection</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has collected information automatically using the adversary's USBferry attack.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1020"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1020</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1020"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: 
baseline;">Automated Exfiltration</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has used a copy function to automatically exfiltrate sensitive data from air-gapped systems using USB storage.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1547"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1547.001</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1547"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: 
baseline;">Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has created shortcuts in the Startup folder to establish persistence.</span></p></td></tr><tr style="height:33.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1547/004"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1547.004</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1547"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; 
vertical-align: baseline;">Boot or Logon Autostart Execution: Winlogon Helper DLL</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has created the Registry key HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell and sets the value to establish persistence.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1059.003</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1059"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; 
font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Command and Scripting Interpreter: Windows Command Shell</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has used Windows command scripts.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1543"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1543.003</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1543"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
text-decoration-line: underline; vertical-align: baseline;">Create or Modify System Process: Windows Service</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has installed a service pointing to a malicious DLL dropped to disk.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1132"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1132.001</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1132"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: 
underline; vertical-align: baseline;">Data Encoding: Standard Encoding</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has used base64 encoding to hide command strings delivered from the C2.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1140"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1140</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1140"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: 
baseline;">Deobfuscate/Decode Files or Information</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper used shellcode with an XOR algorithm to decrypt a payload. Tropic Trooper also decrypted image files that contained a payload.</span></p></td></tr><tr style="height:15.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1573"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1573</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1573"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: 
underline; vertical-align: baseline;">Encrypted Channel</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has encrypted traffic with the C2 to prevent network detection.</span></p></td></tr><tr style="height:15.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1573/002"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1573.002</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1573/002"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Asymmetric 
Cryptography</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has used SSL to connect to C2 servers.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1052"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1052.001</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1052"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Exfiltration Over Physical Medium: Exfiltration over USB</span></a></p></td><td 
style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has exfiltrated data using USB storage devices.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1203"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1203</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1203"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Exploitation for Client Execution</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: 
rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has executed commands by exploiting vulnerabilities in Microsoft software, including Microsoft Office.</span></p></td></tr><tr style="height:15.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1083"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1083</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1083"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">File and Directory Discovery</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 
3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has monitored files' modified time.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1564"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1564.001</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1564"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Hide Artifacts: Hidden Files and Directories</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p 
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has created a hidden directory under C:\ProgramData\Apple\Updates\ and C:\Users\Public\Documents\Flash\.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1574.002</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1574"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Hijack Execution Flow: DLL Side-Loading</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: 
break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has side-loaded malicious DLLs using legitimate copies of the Windows Address Book and Windows Defender executables.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1070/004"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1070.004</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1070/004"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Indicator Removal: File Deletion</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; 
overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has deleted dropper files on an infected system using command scripts.</span></p></td></tr><tr style="height:15.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1105"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1105</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1105"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Ingress Tool Transfer</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p 
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has used a delivered trojan to download additional files.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1036/005"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1036.005</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1036/005"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Masquerading: Match Legitimate Name or Location</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p 
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has hidden payloads in Flash directories and fake installer files.</span></p></td></tr><tr style="height:18.473876953125pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1106"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1106</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1106"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Native API</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p 
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has used multiple Windows APIs.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1046"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1046</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1046"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Network Service Discovery</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 
10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper used pr and an openly available tool to scan for open ports on target systems.</span></p></td></tr><tr style="height:15.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1135"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1135</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1135"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Network Share Discovery</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; 
color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper used netview to scan target systems for shared resources.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1027"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1027.003</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1027"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Obfuscated Files or Information: Steganography</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); 
background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has used JPG files with encrypted payloads to mask their backdoor routines and evade detection.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1027"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1027.013</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1027"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Obfuscated Files or Information: Encrypted/Encoded File</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: 
rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has encrypted configuration files.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1566"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1566.001</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1566"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Phishing: Spearphishing Attachment</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: 
normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper sent spearphishing emails that contained malicious Microsoft Office and fake installer file attachments.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1057"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1057</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1057"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Process Discovery</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; 
font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper is capable of enumerating the running processes on the system using pslist.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1055"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1055.001</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1055"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Process Injection: Dynamic-link Library Injection</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; 
font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has injected a DLL backdoor into dllhost.exe and svchost.exe.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1091"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1091</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1091"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Replication Through Removable Media</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; 
font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has attempted to transfer USBferry from an infected USB device by copying an Autorun function to the target machine.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1505"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1505.003</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1505"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Server Software Component: Web Shell</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; 
font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has started a web service on the target host and waited for the adversary to connect, acting as a web shell.</span></p></td></tr><tr style="height:15.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1518/001"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1518.001</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1518/001"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Security Software Discovery</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; 
font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper can search for anti-virus software running on the system.</span></p></td></tr><tr style="height:15.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1518"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1518</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1518"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Software Discovery</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: 
normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper's backdoor could list the infected system's installed software.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1082"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1082</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1082"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">System Information Discovery</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; 
vertical-align: baseline;">Tropic Trooper has detected a target system’s OS version and system volume information.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1016"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1016</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1016"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">System Network Configuration Discovery</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic 
Trooper has used scripts to collect the host's network topology.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1049"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1049</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1049"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">System Network Connections Discovery</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has tested if the localhost network is 
available and has checked other connection capabilities on an infected system.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1033"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1033</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1033"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">System Owner/User Discovery</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper used letmein to scan for saved usernames on the 
target system.</span></p></td></tr><tr style="height:15.75pt;"><td style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1221"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1221</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1221"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Template Injection</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper delivered malicious documents with the XLSX extension.</span></p></td></tr><tr style="height:24.75pt;"><td 
style="border-left:solid #b7b7b7 0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1204"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1204.002</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1204"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">User Execution: Malicious File</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has lured victims into executing malware via malicious e-mail attachments.</span></p></td></tr><tr style="height:24.75pt;"><td style="border-left:solid #b7b7b7 
0.75pt;border-right:solid #b7b7b7 0.75pt;border-bottom:solid #b7b7b7 0.75pt;border-top:solid #b7b7b7 0.75pt;vertical-align:top;background-color:#d4d4d4;padding:3pt 3pt 3pt 3pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1078"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1078.003</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><a href="https://attack.mitre.org/techniques/T1078"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 78, 208); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">Valid Accounts: Local Accounts</span></a></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(183, 183, 183); vertical-align: top; padding: 3pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Tropic Trooper has used known administrator account credentials to execute the backdoor directly.</span></p></td></tr></tbody></table></div></span>
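As an added defender-side check for the T1027 row above (backdoor routines hidden in JPG files with encrypted payloads), and not code from the original page or any vendor tool: the scanner below walks the JPEG segment structure to find the real End-Of-Image marker and flags large, high-entropy data appended after it. The sample images are constructed inline, and the trailer-size and entropy thresholds are assumptions to tune per environment.

```python
"""Flag JPEG files that carry data appended after the End-Of-Image marker.

Added example, not code from the original page. Image viewers stop at the EOI
marker (FF D9), so an encrypted blob appended after it is invisible to a casual
look; its Shannon entropy, however, sits near 8 bits/byte. Thresholds assumed.
"""
import hashlib
import math
from collections import Counter
from dataclasses import dataclass
from typing import Optional

SOI = b"\xff\xd8"


@dataclass
class JpegTrailerReport:
    is_jpeg: bool
    image_len: int          # bytes up to and including the EOI marker
    trailer_len: int        # bytes after EOI
    trailer_entropy: float
    suspicious: bool


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def find_eoi(data: bytes) -> Optional[int]:
    """Offset just past the EOI marker, or None if the buffer is not a JPEG.
    Walks segments rather than searching for the last FF D9, because an
    appended payload can itself contain FF D9."""
    if not data.startswith(SOI):
        return None
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return None                       # expected a marker here
        marker = data[pos + 1]
        if marker == 0xFF:                    # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                    # EOI
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:  # TEM / RSTn carry no length
            pos += 2
            continue
        if pos + 4 > len(data):
            return None
        pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
        if marker == 0xDA:                    # SOS: skip entropy-coded scan data
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break                     # a real marker, not stuffing or RST
                pos += 1
    return None


def inspect_jpeg(data: bytes, min_trailer: int = 64,
                 entropy_threshold: float = 7.0) -> JpegTrailerReport:
    """Report trailer size and entropy; flag large, high-entropy trailers."""
    eoi = find_eoi(data)
    if eoi is None:
        return JpegTrailerReport(False, 0, 0, 0.0, False)
    trailer = data[eoi:]
    ent = shannon_entropy(trailer)
    flag = len(trailer) >= min_trailer and ent >= entropy_threshold
    return JpegTrailerReport(True, eoi, len(trailer), ent, flag)


def build_minimal_jpeg() -> bytes:
    """Constructed sample: SOI, APP0, SOS, scan data (with FF00 stuffing and an RST), EOI."""
    app0 = b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78\x9a"
    return SOI + app0 + sos + scan + b"\xff\xd9"


def sample_with_hidden_trailer() -> bytes:
    """Constructed: the image plus a stand-in 'encrypted' blob (deterministic SHA-256
    output) that deliberately begins with FF D9 to defeat a naive last-FFD9 search."""
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
    return build_minimal_jpeg() + b"\xff\xd9" + blob
```

Run `inspect_jpeg` over the bytes of each image-type file on a share or mail gateway; a clean JPEG reports a zero-length trailer, while an appended payload shows up as a large trailer with entropy near 8.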