{ "id": "38822ad3-386e-4c9f-8b67-e03a77b00892", "created_at": "2026-04-06T00:18:17.542856Z", "updated_at": "2026-04-10T13:12:35.117054Z", "deleted_at": null, "sha1_hash": "619d1203e410720c01cfe874cf001e019c20caa1", "title": "APT3 Keylogger - Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 47910, "plain_text": "APT3 Keylogger - Threat Group Cards: A Threat Actor\nEncyclopedia\nArchived: 2026-04-05 19:14:56 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool APT3 Keylogger\n Tool: APT3 Keylogger\nNames APT3 Keylogger\nCategory Malware\nType Keylogger\nDescription No description available yet.\nInformation\nMalpedia Last change to this tool card: 14 May 2020\nDownload this tool card in JSON format\nAll groups using tool APT3 Keylogger\nChanged Name Country Observed\nAPT groups\n APT 3, Gothic Panda, Buckeye 2007-Nov 2017\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=edf46d75-3f6d-48e9-ac96-fe2b89d53154\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=edf46d75-3f6d-48e9-ac96-fe2b89d53154\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=edf46d75-3f6d-48e9-ac96-fe2b89d53154" ], "report_names": [ "listgroups.cgi?u=edf46d75-3f6d-48e9-ac96-fe2b89d53154" ], "threat_actors": [ { "id": "13354d3f-3f40-44ec-b42a-3cda18809005", "created_at": "2022-10-25T15:50:23.275272Z", "updated_at": "2026-04-10T02:00:05.36519Z", "deleted_at": null, "main_name": "APT3", "aliases": [ "APT3", "Gothic Panda", "Pirpi", "UPS Team", "Buckeye", "Threat Group-0110", "TG-0110" ], "source_name": "MITRE:APT3", "tools": [ "OSInfo", "schtasks", "PlugX", "LaZagne", "SHOTPUT", "RemoteCMD" ], "source_id": "MITRE", "reports": null }, { "id": "761d1fb2-60e3-46f0-9f1c-c8a9715967d4", "created_at": "2023-01-06T13:46:38.269054Z", "updated_at": "2026-04-10T02:00:02.90356Z", "deleted_at": null, "main_name": "APT3", "aliases": [ "GOTHIC PANDA", "TG-0110", "Buckeye", "Group 6", "Boyusec", "BORON", "BRONZE MAYFAIR", "Red Sylvan", "Brocade Typhoon" ], "source_name": "MISPGALAXY:APT3", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "cf826655-5fcb-4331-bdc5-5ef267db9d3c", "created_at": "2025-08-07T02:03:24.631402Z", "updated_at": "2026-04-10T02:00:03.608938Z", "deleted_at": null, "main_name": "BRONZE MAYFAIR", "aliases": [ "APT3 ", "Gothic Panda ", "Pirpi", "TG-0110 ", "UPSTeam" ], "source_name": "Secureworks:BRONZE MAYFAIR", "tools": [ "Cookiecutter", "HUC Proxy Malware (Htran)", "Pirpi", "PlugX", "SplitVPN", "UPS", "ctt", "ctx" ], "source_id": "Secureworks", "reports": null }, { "id": "06f622cb-3a78-49cf-9a4c-a6007a69325f", "created_at": "2022-10-25T16:07:23.315239Z", "updated_at": "2026-04-10T02:00:04.537826Z", "deleted_at": null, "main_name": "APT 3", "aliases": [ "APT 3", "Boron", "Brocade Typhoon", "Bronze Mayfair", "Buckeye", "G0022", "Gothic Panda", "Group 6", "Operation Clandestine Fox", "Operation Clandestine Fox, Part Deux", "Operation Clandestine Wolf", "Operation Double Tap", "Red Sylvan", "TG-0110", "UPS Team" ], "source_name": "ETDA:APT 3", "tools": [ "APT3 Keylogger", "Agent.dhwf", "BKDR_HUPIGON", "Backdoor.APT.CookieCutter", "Badey", "Bemstour", "CookieCutter", "Destroy RAT", "DestroyRAT", "DoublePulsar", "EXL", "EternalBlue", "HTran", "HUC Packet Transmit Tool", "Hupigon", "Hupigon RAT", "Kaba", "Korplug", "LaZagne", "MFC Huner", "OSInfo", "Pirpi", "PlugX", "RedDelta", "RemoteCMD", "SHOTPUT", "Sogu", "TIGERPLUG", "TTCalc", "TVT", "Thoper", "Xamtrav", "remotecmd", "shareip", "w32times" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434697, "ts_updated_at": 1775826755, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/619d1203e410720c01cfe874cf001e019c20caa1.pdf", "text": "https://archive.orkl.eu/619d1203e410720c01cfe874cf001e019c20caa1.txt", "img": "https://archive.orkl.eu/619d1203e410720c01cfe874cf001e019c20caa1.jpg" } }