{
	"id": "2ab35e69-ca00-41e1-bdc1-b0de2090621a",
	"created_at": "2026-04-06T00:12:01.66469Z",
	"updated_at": "2026-04-10T03:33:20.187495Z",
	"deleted_at": null,
	"sha1_hash": "32051a47913c6a1f0d295303eab90301db01c6fc",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 55529,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 17:52:25 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool KeyBoy\n Tool: KeyBoy\nNames\nKeyBoy\nTSSL\nCategory Malware\nType Reconnaissance, Backdoor, Info stealer, Exfiltration\nDescription\n(PWC) The malware leveraged by KeyBoy has a plethora of functionality, including, but\nnot limited to:\n• Screen grabbing/taking screenshots;\n• Determine public or WAN IP address (using a public IP service), likely for determining\na suited target;\n• Gather extended system information, such as information about the operating system,\ndisks, memory and so on;\n• A ‘file browser’ or explorer;\n• Shutdown and reboot commands (in addition to the point below);\n• Launching interactive shells for communicating with the victim machine;\n• Download and upload functionality; and\n• Usage of custom SSL libraries for masquerading C2 traffic.\nInformation\nMITRE ATT\u0026CK Malpedia AlienVault OTX https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=dbec73b9-60b1-42a5-a4b3-ab5bef525f2b\nPage 1 of 2\n\nLast change to this tool card: 14 May 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool KeyBoy\r\nChanged Name Country Observed\r\nAPT groups\r\n  Tropic Trooper, Pirate Panda, APT 23, KeyBoy 2011-Jun 2023  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=dbec73b9-60b1-42a5-a4b3-ab5bef525f2b\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=dbec73b9-60b1-42a5-a4b3-ab5bef525f2b\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=dbec73b9-60b1-42a5-a4b3-ab5bef525f2b"
	],
	"report_names": [
		"listgroups.cgi?u=dbec73b9-60b1-42a5-a4b3-ab5bef525f2b"
	],
	"threat_actors": [
		{
			"id": "61ea51ed-a419-4b05-9241-5ab0dbba25fc",
			"created_at": "2023-01-06T13:46:38.354607Z",
			"updated_at": "2026-04-10T02:00:02.939761Z",
			"deleted_at": null,
			"main_name": "APT23",
			"aliases": [
				"BRONZE HOBART",
				"G0081",
				"Red Orthrus",
				"Earth Centaur",
				"PIRATE PANDA",
				"KeyBoy",
				"Tropic Trooper"
			],
			"source_name": "MISPGALAXY:APT23",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "bef7800a-a08f-4e21-b65c-4279c851e572",
			"created_at": "2022-10-25T15:50:23.409336Z",
			"updated_at": "2026-04-10T02:00:05.319608Z",
			"deleted_at": null,
			"main_name": "Tropic Trooper",
			"aliases": [
				"Tropic Trooper",
				"Pirate Panda",
				"KeyBoy"
			],
			"source_name": "MITRE:Tropic Trooper",
			"tools": [
				"USBferry",
				"ShadowPad",
				"PoisonIvy",
				"BITSAdmin",
				"YAHOYAH",
				"KeyBoy"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "578f8e62-2bb4-4ce4-a8b7-6c868fa29724",
			"created_at": "2022-10-25T16:07:24.344358Z",
			"updated_at": "2026-04-10T02:00:04.947834Z",
			"deleted_at": null,
			"main_name": "Tropic Trooper",
			"aliases": [
				"APT 23",
				"Bronze Hobart",
				"Earth Centaur",
				"G0081",
				"KeyBoy",
				"Operation Tropic Trooper",
				"Pirate Panda",
				"Tropic Trooper"
			],
			"source_name": "ETDA:Tropic Trooper",
			"tools": [
				"8.t Dropper",
				"8.t RTF exploit builder",
				"8t_dropper",
				"ByPassGodzilla",
				"CHINACHOPPER",
				"CREDRIVER",
				"China Chopper",
				"Chymine",
				"Darkmoon",
				"Gen:Trojan.Heur.PT",
				"KeyBoy",
				"Neo-reGeorg",
				"PCShare",
				"POISONPLUG.SHADOW",
				"Poison Ivy",
				"RoyalRoad",
				"SPIVY",
				"ShadowPad Winnti",
				"SinoChopper",
				"Swor",
				"TSSL",
				"USBferry",
				"W32/Seeav",
				"Winsloader",
				"XShellGhost",
				"Yahoyah",
				"fscan",
				"pivy",
				"poisonivy"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "86182dd7-646c-49c5-91a6-4b62fd2119a7",
			"created_at": "2025-08-07T02:03:24.617638Z",
			"updated_at": "2026-04-10T02:00:03.738499Z",
			"deleted_at": null,
			"main_name": "BRONZE HOBART",
			"aliases": [
				"APT23",
				"Earth Centaur ",
				"KeyBoy ",
				"Pirate Panda ",
				"Red Orthrus ",
				"TA413 ",
				"Tropic Trooper "
			],
			"source_name": "Secureworks:BRONZE HOBART",
			"tools": [
				"Crowdoor",
				"DSNGInstaller",
				"KeyBoy",
				"LOWZERO",
				"Mofu",
				"Pfine",
				"Sepulcher",
				"Xiangoop Loader",
				"Yahaoyah"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434321,
	"ts_updated_at": 1775792000,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/32051a47913c6a1f0d295303eab90301db01c6fc.pdf",
		"text": "https://archive.orkl.eu/32051a47913c6a1f0d295303eab90301db01c6fc.txt",
		"img": "https://archive.orkl.eu/32051a47913c6a1f0d295303eab90301db01c6fc.jpg"
	}
}