Tool: USBferry| Names | USBferry | |
| Category | Malware | |
| Type | Reconnaissance, Backdoor, Info stealer, Exfiltration | |
| Description | (Trend Micro) USBferry has variants that perform different commands depending on specific targets; it can also combine capabilities, improve its stealth in infected environments, and steal critical information through USB storage. Specific functions will be embedded in the trojan downloader to adopt the target environment. Our in-depth analysis found that when Tropic Trooper first penetrates the victim's environment, they will use basic sourcing scripts to collect the host network’s topology, connection capability, and volume information. The second function uses USB storage to copy highly classified documents from the physically isolated environment. Moreover, this function copies certain files into the USB %RECYCLER% folder, monitors files’ modified time, and updates the newest one to the USB device. The last function will infiltrate the target’s internal machine with a customized Windows command and reverse backdoor malware. | |
| Information | <https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-troopers-back-usbferry-attack-targets-air-gapped-environments/> <https://documents.trendmicro.com/assets/Tech-Brief-Tropic-Trooper-s-Back-USBferry-Attack-Targets-Air-gapped-Environments.pdf> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.usbferry> | |
Last change to this tool card: 23 April 2021
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
| Tropic Trooper, Pirate Panda, APT 23, KeyBoy |  | 2011-Apr 2020 | |||
1 group listed (1 APT, 0 other, 0 unknown)
|
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1234 | |
 |
report@thaicert.or.th | |
 |
Download PGP key | |