{ "id": "f587f7f9-5d38-41ec-91a1-0d282a5c45b3", "created_at": "2026-04-06T15:53:44.685521Z", "updated_at": "2026-04-10T03:33:19.988349Z", "deleted_at": null, "sha1_hash": "5b8f6ab5f6746a2b73a5b31075bfc275ee274cc4", "title": "LevelBlue - Open Threat Exchange", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 275581, "plain_text": "LevelBlue - Open Threat Exchange\r\nBy bd.taylor\r\nArchived: 2026-04-06 15:17:29 UTC\r\nShow:\r\nAll\r\nSort:\r\nRecently Modified\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:keyboy\r\nPage 1 of 17\n\nACTIVIDAD MALICIOSA | Relacionada con Amadey 05-05-2025\r\nFileHash-MD5: 60 | FileHash-SHA1: 61 | FileHash-SHA256: 60 | URL: 5 | YARA: 1\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:keyboy\r\nPage 2 of 17\n\nIf you want to create an interactive image, try Genially, a free online design and design app that lets you design,\r\ncreate and create interactive images for your friends, family and friends..\r\n26 Subscribers\r\n841 Subscribers\r\n480 Subscribers\r\n480 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:keyboy\r\nPage 3 of 17\n\n65 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:keyboy\r\nPage 4 of 17\n\n480 Subscribers\r\n560 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:keyboy\r\nPage 5 of 17\n\nta413\r\nCVE: 5 | FileHash-MD5: 2 | FileHash-SHA1: 2 | FileHash-SHA256: 4 | URL: 2 | Domain: 10\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:keyboy\r\nPage 6 of 17\n\nRecorded Future’s new report on Chinese state-sponsored cyber espionage and intelligence-gathering highlights\r\nthe group's persistent targeting of ethnic and religious minority communities, as well as those targeted by the\r\nTibetan community.\r\n128 Subscribers\r\n841 Subscribers\r\n164 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:keyboy\r\nPage 7 of 17\n\n258 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:keyboy\r\nPage 8 of 17\n\n181 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:keyboy\r\nPage 9 of 17\n\n354 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:keyboy\r\nPage 10 of 17\n\nThreat Profile: RedLine Infostealer\r\nFileHash-MD5: 308 | FileHash-SHA1: 308 | FileHash-SHA256: 307 | URL: 54 | Domain: 7 | Email: 1 |\r\nHostname: 10\r\ninformation stealer, named RedLine Stealer by the author, was identified being delivered through spam email\r\ncampaigns, the malware is offered for sale on Russian dark web forums and as a tiered subscription allowing\r\nthreat actors to use the information stealer, subscribe at different costs and purchase different access levels. In\r\naddition to being a password stealer, RedLine has the capabilities to steal login information, autocomplete data,\r\npasswords, and credit cards information from browsers.\r\n240 Subscribers\r\nThreat Profile: RedLine Infostealer\r\nFileHash-MD5: 308 | FileHash-SHA1: 308 | FileHash-SHA256: 307 | URL: 54 | Domain: 7 | Email: 1 |\r\nHostname: 10\r\ninformation stealer, named RedLine Stealer by the author, was identified being delivered through spam email\r\ncampaigns, the malware is offered for sale on Russian dark web forums and as a tiered subscription allowing\r\nthreat actors to use the information stealer, subscribe at different costs and purchase different access levels. In\r\naddition to being a password stealer, RedLine has the capabilities to steal login information, autocomplete data,\r\npasswords, and credit cards information from browsers.\r\n240 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:keyboy\r\nPage 11 of 17\n\n354 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:keyboy\r\nPage 12 of 17\n\n354 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:keyboy\r\nPage 13 of 17\n\nThreat Research | FireEye Inc\r\nFind out more about FireEye.com, the world's leading cyber security company, which provides security services to\r\nmore than 1.5 million customers across the globe, and offers a wide range of products and services.\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:keyboy\r\nPage 14 of 17\n\n17 Subscribers\r\nWastedLocker (Malware Family)\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:keyboy\r\nPage 15 of 17\n\nA new strain of ransomware known as WastedLocker has been detected by researchers at the University of\r\nCalifornia, San Francisco and the US National Security Agency (NSSA) in the United States.\r\n36 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:keyboy\r\nPage 16 of 17\n\n354 Subscribers\r\nSource: https://otx.alienvault.com/browse/pulses?q=tag:keyboy\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:keyboy\r\nPage 17 of 17\n\nACTIVIDAD MALICIOSA https://otx.alienvault.com/browse/pulses?q=tag:keyboy | Relacionada con Amadey 05-05-2025 \nFileHash-MD5: 60 | FileHash-SHA1: 61 | FileHash-SHA256: 60 | URL: 5 | YARA: 1\n Page 2 of 17 \n\nta413 https://otx.alienvault.com/browse/pulses?q=tag:keyboy \nCVE: 5 | FileHash-MD5: 2 | FileHash-SHA1: 2 | FileHash-SHA256: 4 | URL: 2 | Domain: 10\n Page 6 of 17", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://otx.alienvault.com/browse/pulses?q=tag:keyboy" ], "report_names": [ "pulses?q=tag:keyboy" ], "threat_actors": [ { "id": "61ea51ed-a419-4b05-9241-5ab0dbba25fc", "created_at": "2023-01-06T13:46:38.354607Z", "updated_at": "2026-04-10T02:00:02.939761Z", "deleted_at": null, "main_name": "APT23", "aliases": [ "BRONZE HOBART", "G0081", "Red Orthrus", "Earth Centaur", "PIRATE PANDA", "KeyBoy", "Tropic Trooper" ], "source_name": "MISPGALAXY:APT23", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "bef7800a-a08f-4e21-b65c-4279c851e572", "created_at": "2022-10-25T15:50:23.409336Z", "updated_at": "2026-04-10T02:00:05.319608Z", "deleted_at": null, "main_name": "Tropic Trooper", "aliases": [ "Tropic Trooper", "Pirate Panda", "KeyBoy" ], "source_name": "MITRE:Tropic Trooper", "tools": [ "USBferry", "ShadowPad", "PoisonIvy", "BITSAdmin", "YAHOYAH", "KeyBoy" ], "source_id": "MITRE", "reports": null }, { "id": "3b1367ff-99dc-41f0-986f-4a1dcb41bbbf", "created_at": "2022-10-25T16:07:24.273478Z", "updated_at": "2026-04-10T02:00:04.918037Z", "deleted_at": null, "main_name": "TA413", "aliases": [ "White Dev 9" ], "source_name": "ETDA:TA413", "tools": [ "Exile RAT", "ExileRAT", "Sepulcher" ], "source_id": "ETDA", "reports": null }, { "id": "578f8e62-2bb4-4ce4-a8b7-6c868fa29724", "created_at": "2022-10-25T16:07:24.344358Z", "updated_at": "2026-04-10T02:00:04.947834Z", "deleted_at": null, "main_name": "Tropic Trooper", "aliases": [ "APT 23", "Bronze Hobart", "Earth Centaur", "G0081", "KeyBoy", "Operation Tropic Trooper", "Pirate Panda", "Tropic Trooper" ], "source_name": "ETDA:Tropic Trooper", "tools": [ "8.t Dropper", "8.t RTF exploit builder", "8t_dropper", "ByPassGodzilla", "CHINACHOPPER", "CREDRIVER", "China Chopper", "Chymine", "Darkmoon", "Gen:Trojan.Heur.PT", "KeyBoy", "Neo-reGeorg", "PCShare", "POISONPLUG.SHADOW", "Poison Ivy", "RoyalRoad", "SPIVY", "ShadowPad Winnti", "SinoChopper", "Swor", "TSSL", "USBferry", "W32/Seeav", "Winsloader", "XShellGhost", "Yahoyah", "fscan", "pivy", "poisonivy" ], "source_id": "ETDA", "reports": null }, { "id": "9792e41f-4165-474b-99fa-e74ec332bd87", "created_at": "2023-01-06T13:46:38.986789Z", "updated_at": "2026-04-10T02:00:03.172308Z", "deleted_at": null, "main_name": "Lucky Cat", "aliases": [ "TA413", "White Dev 9" ], "source_name": "MISPGALAXY:Lucky Cat", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "86182dd7-646c-49c5-91a6-4b62fd2119a7", "created_at": "2025-08-07T02:03:24.617638Z", "updated_at": "2026-04-10T02:00:03.738499Z", "deleted_at": null, "main_name": "BRONZE HOBART", "aliases": [ "APT23", "Earth Centaur ", "KeyBoy ", "Pirate Panda ", "Red Orthrus ", "TA413 ", "Tropic Trooper " ], "source_name": "Secureworks:BRONZE HOBART", "tools": [ "Crowdoor", "DSNGInstaller", "KeyBoy", "LOWZERO", "Mofu", "Pfine", "Sepulcher", "Xiangoop Loader", "Yahaoyah" ], "source_id": "Secureworks", "reports": null } ], "ts_created_at": 1775490824, "ts_updated_at": 1775791999, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/5b8f6ab5f6746a2b73a5b31075bfc275ee274cc4.pdf", "text": "https://archive.orkl.eu/5b8f6ab5f6746a2b73a5b31075bfc275ee274cc4.txt", "img": "https://archive.orkl.eu/5b8f6ab5f6746a2b73a5b31075bfc275ee274cc4.jpg" } }