{"id":44421,"date":"2021-12-14T00:00:00","date_gmt":"2021-12-14T00:00:00","guid":{"rendered":"urn:uuid:6db8d481-4337-d9dc-2f93-57cac506afa5"},"modified":"2021-12-14T00:00:00","modified_gmt":"2021-12-14T00:00:00","slug":"collecting-in-the-dark-tropic-trooper-targets-transportation-and-government","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/collecting-in-the-dark-tropic-trooper-targets-transportation-and-government\/","title":{"rendered":"Collecting In the Dark: Tropic Trooper Targets Transportation and Government"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/l\/collecting-in-the-dark-tropic-trooper-targets-transportation-and-government-organizations\/earth%20trooper%20banner.jpg\"><\/p>\n<p>While analyzing samples, we found that the C&amp;C server was already inactive. Without knowing the traffic between SmileSvr and C&amp;C server, we could not fully understand all functions.
However, most of the backdoor functions are listed here:<\/p>\n<table cellpadding=\"1\" cellspacing=\"0\" border=\"1\" width=\"100%\">\n<tbody readability=\"3\">\n<tr>\n<td>Command code<\/td>\n<td>Function<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>0x5001<\/td>\n<td>Opens\/Reads specified file<\/td>\n<\/tr>\n<tr>\n<td>0x5002<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>0x5004<\/td>\n<td>Opens\/Writes specified file<\/td>\n<\/tr>\n<tr>\n<td>0x5006<\/td>\n<td>Opens command shell<\/td>\n<\/tr>\n<tr>\n<td>0x5007<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>0x5009<\/td>\n<td>Closes command shell<\/td>\n<\/tr>\n<tr>\n<td>0x500A<\/td>\n<td>File System Traversal<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>0x500C<\/td>\n<td>Checks environment information<\/td>\n<\/tr>\n<tr>\n<td>0x500E<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>As for the SSL version of SmileSvr, the capability of SSL communication is built by using wolfSSL, which is a lightweight, C-language based SSL\/TLS library. The backdoor functions of SSL version SmileSvr are similar to the ICMP ones. The threat actors just use it to develop new ways to support data transfer via an encrypted channel.<\/p>\n<p><i>Customized Gh0st RAT<\/i><\/p>\n<p>In our investigation, we also found a suspicious executable named telegram.exe. After analyzing the file, we found that it was a customized version of Gh0st RAT. 
Compared to the original Gh0st RAT (Gh0st beta 3.6), the difference is that the customized version supports a new function to discover information from active sessions on the host.<\/p>\n<p>All supported functions for the customized Gh0st are shown in the following table:<\/p>\n<table cellpadding=\"1\" cellspacing=\"0\" border=\"1\" width=\"100%\">\n<tbody readability=\"3\">\n<tr>\n<td>Command code<\/td>\n<td>Function<\/td>\n<\/tr>\n<tr>\n<td>0xC8<\/td>\n<td>Terminates connection<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>0xCA<\/td>\n<td>File manager to handle file operations<\/td>\n<\/tr>\n<tr>\n<td>0xCB<\/td>\n<td>Screen monitoring<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>0xCC<\/td>\n<td>Opens remote shell for command execution<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>0xD5<\/td>\n<td>Gets active session information<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span class=\"body-subhead-title\">Post-Exploitation<\/span><\/p>\n<p>After successfully exploiting the vulnerable system, the threat actor will use multiple hacking tools to discover and compromise machines on the victim\u2019s intranet. In this stage, we also observed attempts to deploy tools to exfiltrate stolen information.<\/p>\n<p>During our investigation, we found evidence of specific tools, which we listed in Table 1.
With these tools, the attackers accomplish their goals (network discovery, access to the intranet, and exfiltration) step by step.<\/p>\n<table cellpadding=\"1\" cellspacing=\"0\" border=\"1\" width=\"100%\">\n<tbody readability=\"3\">\n<tr>\n<td>Tool name<\/td>\n<td>Purpose<\/td>\n<td>Description<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>SharpHound<\/td>\n<td>AD Discovery<\/td>\n<td>Discovery tool to understand the relationship in an AD environment<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>FRPC<\/td>\n<td>Intranet Penetration<\/td>\n<td>Fast reverse proxy to help expose a local server behind a NAT or firewall to the internet<\/td>\n<\/tr>\n<tr>\n<td>Chisel<\/td>\n<td>Intranet Penetration<\/td>\n<td>Fast TCP\/UDP tunnel<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>RClone<\/td>\n<td>Exfiltration<\/td>\n<td>A command-line program to sync files and directories to and from different cloud storage providers<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><b>Credential Dumping<\/b><\/p>\n<p>We also observed that the group used multiple legitimate tools to dump credentials on compromised machines. 
It made good use of these tools to achieve its goal and keep its operation hidden and unobtrusive.<\/p>\n<p>For example, the group uses ProcDump.exe (a tool from the Windows Sysinternals Suite that creates dumps of processes in any scenario), which it renamed bootsys.exe:<\/p>\n<p><span class=\"blockquote\">c:\\users\\public\\downloads\\bootsys.exe&nbsp; -accepteula -ma lsass.exe C:\\Users\\Public\\Downloads\\lsass.dmp<\/span><\/p>\n<p>The group dumps credentials stored in the registry by using reg.exe:<\/p>\n<p><span class=\"blockquote\">reg.exe save hklm\\sam C:\\Users\\Public\\Downloads\\sam.hive<\/span><\/p>\n<p><span class=\"blockquote\">reg.exe save hklm\\sam c:\\windows\\temp\\sa.dit<\/span><\/p>\n<p><span class=\"blockquote\">reg.exe save hklm\\security c:\\windows\\temp\\se.dit<\/span><\/p>\n<p><span class=\"blockquote\">reg.exe save hklm\\system c:\\windows\\temp\\sy.dit<\/span><\/p>\n<p>The group would also dump memory from the specified process by using comsvcs.dll:<\/p>\n<p><span class=\"blockquote\">rundll32.exe C:\\Windows\\System32\\comsvcs.dll MiniDump 764 C:\\Windows\\TEMP\\dump.bin full<\/span><\/p>\n<p><b>Indicator Removal<\/b><\/p>\n<p>To avoid exposing their footprints to investigators, the threat actors made their own tool to wipe out the event logs on the victimized machine. By using this tool, they could clean specified event logs and make it hard for investigators to track their operations.<\/p>\n<p>The usage is as follows:<\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/l\/collecting-in-the-dark-tropic-trooper-targets-transportation-and-government-organizations.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Our long-term monitoring of the cyberespionage group Earth Centaur (aka Tropic Trooper) shows that the threat actors are equipped with new tools and techniques. The group seems to be targeting transportation companies and government agencies related to transportation.
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":44422,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9546,9510,9508,9509],"class_list":["post-44421","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-apttargeted-attacks","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-endpoints","tag-trend-micro-research-research"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44421","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=44421"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44421\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/44422"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=44421"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=44421"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=44421"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}