{ "id": "ccb30130-6d6c-49d7-b09c-a8dcbade7f53", "created_at": "2026-04-06T00:22:31.510833Z", "updated_at": "2026-04-10T03:33:20.143041Z", "deleted_at": null, "sha1_hash": "51deb0f8c5535c141607a6e8f8a0abf2c31827c1", "title": "reGeorg - Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 48615, "plain_text": "reGeorg - Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 17:11:50 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Neo-reGeorg\n Tool: Neo-reGeorg\nNames Neo-reGeorg\nCategory Tools\nType Tunneling\nDescription\nKaspersky) An open-source SOCKS5 proxy, the attackers used it to pivot to other\nmachines and evade network-level security controls. Some detections suggest that this\ntool may be used to proxy traffic, but we have not been able to verify the actual purpose\nof proxying traffic through this server.\nInformation\nMITRE ATT\u0026CK Last change to this tool card: 28 June 2025\nDownload this tool card in JSON format\nAll groups using tool Neo-reGeorg\nChanged Name Country Observed\nAPT groups\n Tropic Trooper, Pirate Panda, APT 23, KeyBoy 2011-Jun 2023\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=cf54ea72-3d59-440e-b706-57afdb361589\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=cf54ea72-3d59-440e-b706-57afdb361589\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=cf54ea72-3d59-440e-b706-57afdb361589" ], "report_names": [ "listgroups.cgi?u=cf54ea72-3d59-440e-b706-57afdb361589" ], "threat_actors": [ { "id": "61ea51ed-a419-4b05-9241-5ab0dbba25fc", "created_at": "2023-01-06T13:46:38.354607Z", "updated_at": "2026-04-10T02:00:02.939761Z", "deleted_at": null, "main_name": "APT23", "aliases": [ "BRONZE HOBART", "G0081", "Red Orthrus", "Earth Centaur", "PIRATE PANDA", "KeyBoy", "Tropic Trooper" ], "source_name": "MISPGALAXY:APT23", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "bef7800a-a08f-4e21-b65c-4279c851e572", "created_at": "2022-10-25T15:50:23.409336Z", "updated_at": "2026-04-10T02:00:05.319608Z", "deleted_at": null, "main_name": "Tropic Trooper", "aliases": [ "Tropic Trooper", "Pirate Panda", "KeyBoy" ], "source_name": "MITRE:Tropic Trooper", "tools": [ "USBferry", "ShadowPad", "PoisonIvy", "BITSAdmin", "YAHOYAH", "KeyBoy" ], "source_id": "MITRE", "reports": null }, { "id": "578f8e62-2bb4-4ce4-a8b7-6c868fa29724", "created_at": "2022-10-25T16:07:24.344358Z", "updated_at": "2026-04-10T02:00:04.947834Z", "deleted_at": null, "main_name": "Tropic Trooper", "aliases": [ "APT 23", "Bronze Hobart", "Earth Centaur", "G0081", "KeyBoy", "Operation Tropic Trooper", "Pirate Panda", "Tropic Trooper" ], "source_name": "ETDA:Tropic Trooper", "tools": [ "8.t Dropper", "8.t RTF exploit builder", "8t_dropper", "ByPassGodzilla", "CHINACHOPPER", "CREDRIVER", "China Chopper", "Chymine", "Darkmoon", "Gen:Trojan.Heur.PT", "KeyBoy", "Neo-reGeorg", "PCShare", "POISONPLUG.SHADOW", "Poison Ivy", "RoyalRoad", "SPIVY", "ShadowPad Winnti", "SinoChopper", "Swor", "TSSL", "USBferry", "W32/Seeav", "Winsloader", "XShellGhost", "Yahoyah", "fscan", "pivy", "poisonivy" ], "source_id": "ETDA", "reports": null }, { "id": "86182dd7-646c-49c5-91a6-4b62fd2119a7", "created_at": "2025-08-07T02:03:24.617638Z", "updated_at": "2026-04-10T02:00:03.738499Z", "deleted_at": null, "main_name": "BRONZE HOBART", "aliases": [ "APT23", "Earth Centaur ", "KeyBoy ", "Pirate Panda ", "Red Orthrus ", "TA413 ", "Tropic Trooper " ], "source_name": "Secureworks:BRONZE HOBART", "tools": [ "Crowdoor", "DSNGInstaller", "KeyBoy", "LOWZERO", "Mofu", "Pfine", "Sepulcher", "Xiangoop Loader", "Yahaoyah" ], "source_id": "Secureworks", "reports": null } ], "ts_created_at": 1775434951, "ts_updated_at": 1775792000, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/51deb0f8c5535c141607a6e8f8a0abf2c31827c1.pdf", "text": "https://archive.orkl.eu/51deb0f8c5535c141607a6e8f8a0abf2c31827c1.txt", "img": "https://archive.orkl.eu/51deb0f8c5535c141607a6e8f8a0abf2c31827c1.jpg" } }