Home > List all groups > List all tools > List all groups using tool USBferry

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: USBferry

TypeReconnaissance, Backdoor, Info stealer, Exfiltration
Description(Trend Micro) USBferry has variants that perform different commands depending on specific targets; it can also combine capabilities, improve its stealth in infected environments, and steal critical information through USB storage.

Specific functions will be embedded in the trojan downloader to adopt the target environment. Our in-depth analysis found that when Tropic Trooper first penetrates the victim's environment, they will use basic sourcing scripts to collect the host network’s topology, connection capability, and volume information. The second function uses USB storage to copy highly classified documents from the physically isolated environment. Moreover, this function copies certain files into the USB %RECYCLER% folder, monitors files’ modified time, and updates the newest one to the USB device. The last function will infiltrate the target’s internal machine with a customized Windows command and reverse backdoor malware.

Last change to this tool card: 23 April 2021

Download this tool card in JSON format

All groups using tool USBferry


APT groups

 Tropic Trooper, Pirate Panda, APT 23, KeyBoyChina2011-Apr 2020 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
PGP Download PGP key