Threat Actor Profile
High APT
Description

Tropic Trooper is an unaffiliated threat group that has led targeted campaigns against targets in Taiwan, the Philippines, and Hong Kong. Tropic Trooper focuses on targeting government, healthcare, transportation, and high-tech industries and has been active since 2011.(Citation: TrendMicro Tropic Trooper Mar 2018)(Citation: Unit 42 Tropic Trooper Nov 2016)(Citation: TrendMicro Tropic Trooper May 2020)

Confidence Score
90%
Known Aliases
Tropic Trooper Pirate Panda KeyBoy
Tags
mitre-attack stix-2.1 intrusion-set
First Seen

Unknown

Last Updated

Unknown

Active Status
Active
Created

April 29, 2026

MITRE ATT&CK Techniques (40)
T1119 - Automated Collection
Collection
T1071.001 - Web Protocols
Command and Control
T1071.004 - DNS
Command and Control
T1105 - Ingress Tool Transfer
Command and Control
T1132.001 - Standard Encoding
Command and Control
T1573 - Encrypted Channel
Command and Control
T1573.002 - Asymmetric Cryptography
Command and Control
T1027.003 - Steganography
Defense Evasion
T1027.013 - Encrypted/Encoded File
Defense Evasion
T1036.005 - Match Legitimate Resource Name or Locat…
Defense Evasion
T1055.001 - Dynamic-link Library Injection
Defense Evasion
T1070.004 - File Deletion
Defense Evasion
T1078.003 - Local Accounts
Defense Evasion
T1140 - Deobfuscate/Decode Files or Information
Defense Evasion
T1221 - Template Injection
Defense Evasion
T1564.001 - Hidden Files and Directories
Defense Evasion
T1016 - System Network Configuration Discovery
Discovery
T1033 - System Owner/User Discovery
Discovery
T1046 - Network Service Discovery
Discovery
T1049 - System Network Connections Discovery
Discovery
T1057 - Process Discovery
Discovery
T1082 - System Information Discovery
Discovery
T1083 - File and Directory Discovery
Discovery
T1135 - Network Share Discovery
Discovery
T1518 - Software Discovery
Discovery
T1518.001 - Security Software Discovery
Discovery
T1680 - Local Storage Discovery
Discovery
T1059.003 - Windows Command Shell
Execution
T1106 - Native API
Execution
T1203 - Exploitation for Client Execution
Execution
T1204.002 - Malicious File
Execution
T1020 - Automated Exfiltration
Exfiltration
T1052.001 - Exfiltration over USB
Exfiltration
T1566.001 - Spearphishing Attachment
Initial Access
T1091 - Replication Through Removable Media
Lateral Movement
T1505.003 - Web Shell
Persistence
T1543.003 - Windows Service
Persistence
T1547.001 - Registry Run Keys / Startup Folder
Persistence
T1547.004 - Winlogon Helper DLL
Persistence
T1574.001 - DLL
Persistence
STIX Data
{'aliases': ['Tropic Trooper', 'Pirate Panda', 'KeyBoy'],
 'created': '2019-01-29T20:17:48.717Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': '[Tropic Trooper](https://attack.mitre.org/groups/G0081) is an '
                'unaffiliated threat group that has led targeted campaigns '
                'against targets in Taiwan, the Philippines, and Hong Kong. '
                '[Tropic Trooper](https://attack.mitre.org/groups/G0081) '
                'focuses on targeting government, healthcare, transportation, '
                'and high-tech industries and has been active since '
                '2011.(Citation: TrendMicro Tropic Trooper Mar 2018)(Citation: '
                'Unit 42 Tropic Trooper Nov 2016)(Citation: TrendMicro Tropic '
                'Trooper May 2020)',
 'external_references': [{'external_id': 'G0081',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/groups/G0081'},
                         {'description': '(Citation: Crowdstrike Pirate Panda '
                                         'April 2020)',
                          'source_name': 'Pirate Panda'},
                         {'description': '(Citation: TrendMicro Tropic Trooper '
                                         'Mar 2018)(Citation: Unit 42 Tropic '
                                         'Trooper Nov 2016)',
                          'source_name': 'Tropic Trooper'},
                         {'description': '(Citation: Unit 42 Tropic Trooper '
                                         'Nov 2016)(Citation: TrendMicro '
                                         'Tropic Trooper Mar 2018)',
                          'source_name': 'KeyBoy'},
                         {'description': 'Busselen, M. (2020, April 7). '
                                         'On-demand Webcast: CrowdStrike '
                                         'Experts on COVID-19 Cybersecurity '
                                         'Challenges and Recommendations. '
                                         'Retrieved May 20, 2020.',
                          'source_name': 'Crowdstrike Pirate Panda April 2020',
                          'url': 'https://www.crowdstrike.com/blog/on-demand-webcast-crowdstrike-experts-on-covid-19-cybersecurity-challenges-and-recommendations/'},
                         {'description': 'Chen, J.. (2020, May 12). Tropic '
                                         'Trooper’s Back: USBferry Attack '
                                         'Targets Air gapped Environments. '
                                         'Retrieved May 20, 2020.',
                          'source_name': 'TrendMicro Tropic Trooper May 2020',
                          'url': 'https://documents.trendmicro.com/assets/Tech-Brief-Tropic-Trooper-s-Back-USBferry-Attack-Targets-Air-gapped-Environments.pdf'},
                         {'description': 'Horejsi, J., et al. (2018, March '
                                         '14). Tropic Trooper’s New Strategy. '
                                         'Retrieved November 9, 2018.',
                          'source_name': 'TrendMicro Tropic Trooper Mar 2018',
                          'url': 'https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/'},
                         {'description': 'Ray, V. (2016, November 22). Tropic '
                                         'Trooper Targets Taiwanese Government '
                                         'and Fossil Fuel Provider With Poison '
                                         'Ivy. Retrieved November 9, 2018.',
                          'source_name': 'Unit 42 Tropic Trooper Nov 2016',
                          'url': 'https://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/'}],
 'id': 'intrusion-set--56319646-eb6e-41fc-ae53-aadfa7adb924',
 'modified': '2025-10-21T23:19:38.101Z',
 'name': 'Tropic Trooper',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'revoked': False,
 'spec_version': '2.1',
 'type': 'intrusion-set',
 'x_mitre_attack_spec_version': '3.3.0',
 'x_mitre_contributors': ['Edward Millington'],
 'x_mitre_deprecated': False,
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_version': '1.6'}