{
	"id": "3a1788ef-613c-4740-9aca-5f4e1ec63be5",
	"created_at": "2026-04-06T00:08:40.362866Z",
	"updated_at": "2026-04-10T03:34:41.420168Z",
	"deleted_at": null,
	"sha1_hash": "25323e8a133efd337a1452bb26ce023620ce5f1b",
	"title": "Revealer Keylogger - Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 44508,
	"plain_text": "Revealer Keylogger - Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 18:41:58 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Revealer Keylogger\nTool: Revealer Keylogger\nNames: Revealer Keylogger\nCategory: Tools\nType: Keylogger\nDescription\n(Softonic) Revealer Keylogger is a simple, easy-to-use keylogger that records everything that's typed into the computer.\nRevealer Keylogger works surprisingly well. Under a rather simple interface we find a tool that can hide itself (so that users don't notice they're being logged) and record absolutely everything that you type, from a simple text document to the user-names and passwords (without asterisks) entered on any website.\nInformation\nLast change to this tool card: 15 February 2023\nDownload this tool card in JSON format\nAll groups using tool Revealer Keylogger\nChanged Name Country Observed\nAPT groups\nName: OPERA1ER | Country: [Unknown] | Observed: 2016-Jul 2023\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1babcc1a-12f8-4b4d-98fa-3692c2b6e2c9\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1babcc1a-12f8-4b4d-98fa-3692c2b6e2c9\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1babcc1a-12f8-4b4d-98fa-3692c2b6e2c9"
	],
	"report_names": [
		"listgroups.cgi?u=1babcc1a-12f8-4b4d-98fa-3692c2b6e2c9"
	],
	"threat_actors": [
		{
			"id": "11c69e3d-a740-4a70-abd3-158ac0375452",
			"created_at": "2023-01-06T13:46:39.29608Z",
			"updated_at": "2026-04-10T02:00:03.27813Z",
			"deleted_at": null,
			"main_name": "Common Raven",
			"aliases": [
				"NXSMS",
				"DESKTOP-GROUP",
				"OPERA1ER"
			],
			"source_name": "MISPGALAXY:Common Raven",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "a1071a25-d7c1-41be-a97f-2ec1b167ceb0",
			"created_at": "2023-02-18T02:04:24.365926Z",
			"updated_at": "2026-04-10T02:00:04.792271Z",
			"deleted_at": null,
			"main_name": "OPERA1ER",
			"aliases": [
				"Common Raven",
				"DESKTOP-GROUP",
				"NXSMS",
				"Operation Nervone"
			],
			"source_name": "ETDA:OPERA1ER",
			"tools": [
				"AgenTesla",
				"Agent Tesla",
				"AgentTesla",
				"Agentemis",
				"BitRAT",
				"BlackNET RAT",
				"Cobalt Strike",
				"CobaltStrike",
				"Kasidet",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"Metasploit",
				"Negasteal",
				"NetWeird",
				"NetWire",
				"NetWire RAT",
				"NetWire RC",
				"NetWired RC",
				"Neutrino Bot",
				"Neutrino Exploit Kit",
				"Ngrok",
				"Origin Logger",
				"PsExec",
				"RDPWrap",
				"Recam",
				"Remcos",
				"RemcosRAT",
				"Remvio",
				"Revealer Keylogger",
				"Socmer",
				"VenomRAT",
				"ZPAQ",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434120,
	"ts_updated_at": 1775792081,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/25323e8a133efd337a1452bb26ce023620ce5f1b.pdf",
		"text": "https://archive.orkl.eu/25323e8a133efd337a1452bb26ce023620ce5f1b.txt",
		"img": "https://archive.orkl.eu/25323e8a133efd337a1452bb26ce023620ce5f1b.jpg"
	}
}