Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 17:52:25 UTC
Home > List all groups > List all tools > List all groups using tool KeyBoy
 Tool: KeyBoy
Names
KeyBoy
TSSL
Category Malware
Type Reconnaissance, Backdoor, Info stealer, Exfiltration
Description
(PWC) The malware leveraged by KeyBoy has a plethora of functionality, including, but
not limited to:
• Screen grabbing/taking screenshots;
• Determine public or WAN IP address (using a public IP service), likely for determining
a suited target;
• Gather extended system information, such as information about the operating system,
disks, memory and so on;
• A ‘file browser’ or explorer;
• Shutdown and reboot commands (in addition to the point below);
• Launching interactive shells for communicating with the victim machine;
• Download and upload functionality; and
• Usage of custom SSL libraries for masquerading C2 traffic.
Information
MITRE ATT&CK Malpedia AlienVault OTX https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=dbec73b9-60b1-42a5-a4b3-ab5bef525f2b
Page 1 of 2

Last change to this tool card: 14 May 2020
Download this tool card in JSON format
All groups using tool KeyBoy
Changed Name Country Observed
APT groups
  Tropic Trooper, Pirate Panda, APT 23, KeyBoy 2011-Jun 2023  
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=dbec73b9-60b1-42a5-a4b3-ab5bef525f2b
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=dbec73b9-60b1-42a5-a4b3-ab5bef525f2b
Page 2 of 2