KeyBoy

Malware updated 3 days ago (2024-09-05T13:17:48.115Z)
KeyBoy is a Windows backdoor used in targeted intrusions, delivered as a DLL by a dropper. Its capabilities include screen capture, discovering the victim's public (WAN) IP address, collecting extended system information, launching an interactive shell on the victim machine, file download and upload, and a custom SSL library used to make C2 traffic blend in with legitimate TLS. It persists by modifying the Winlogon\Shell registry value, which the dropper sets by calling the Install export of the KeyBoy DLL.

The malware has been associated with several groups: TA413, Tropic Trooper (also known as Pirate Panda and APT23), Tick, Tonto Team, IceFog, and TA428. Historical correlations between TA413 and publicly reported Tropic Trooper activity suggest some degree of operational overlap. Tropic Trooper, active since 2011, focuses its campaigns on Taiwanese, Philippine, and Hong Kong targets in government, healthcare, transportation, and high-tech industries. The multiple KeyBoy versions observed reflect a development cycle in which the code is updated only as needed to evade antivirus detection and basic security controls. The most recent observation recorded here was in February, attributed to PIRATE PANDA. The source documents listed below include detailed analyses and indicators of compromise for the KeyBoy samples analyzed.
Description last updated: 2024-09-05T13:16:45.275Z
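Because the one concrete host artifact the description gives is the Winlogon\Shell modification, the following added example (written for this page; it is not code from Cybergeist, Citizen Lab or any of the referenced reports) shows how to hunt for it. It parses an exported .reg file offline so it can be tested anywhere, and includes a winreg reader for a live Windows host. The assumption it encodes is that a clean Shell value is exactly explorer.exe, so any additional comma-separated entry is flagged. The SAMPLE_REG text and the wsvc.exe path in it are constructed for illustration and are not KeyBoy indicators.

```python
"""Hunt for Winlogon\\Shell persistence (the technique KeyBoy's dropper uses).

Works over an exported .reg text offline; on a live Windows host the same
values can be read with live_winlogon_shells(). Assumption: a clean Shell
value is exactly "explorer.exe"; anything extra is reported.
"""
import re
import sys

DEFAULT_SHELL = "explorer.exe"
WINLOGON_SUFFIX = r"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# [HKEY_LOCAL_MACHINE\...\Winlogon] or a per-user copy [HKEY_USERS\<SID>\...\Winlogon]
_KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
_SHELL_LINE = re.compile(r'^"Shell"="(?P<raw>.*)"\s*$', re.IGNORECASE)

# Constructed sample export, not taken from a real infection. The second key
# carries a hypothetical extra Shell entry of the kind a dropper would add.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\ProgramData\\winsys\\wsvc.exe"
'''


def _unescape(raw):
    # .reg exports escape a backslash as \\ and a double quote as \"
    return raw.replace('\\"', '"').replace("\\\\", "\\")


def winlogon_shells(reg_text):
    """Map every Winlogon key in a .reg export to its (unescaped) Shell value."""
    found = {}
    current_key = None
    for line in reg_text.splitlines():
        m = _KEY_LINE.match(line)
        if m:
            key = m.group("key")
            # Track only Winlogon keys; HKU\<SID> copies override HKLM per user.
            current_key = key if key.lower().endswith(WINLOGON_SUFFIX.lower()) else None
            continue
        if current_key is None:
            continue
        m = _SHELL_LINE.match(line)
        if m:
            found[current_key] = _unescape(m.group("raw"))
    return found


def shell_entries(value):
    """Shell is a comma-separated program list; return the trimmed, non-empty entries."""
    return [e.strip() for e in value.split(",") if e.strip()]


def suspicious_shells(shells):
    """Per key, the Shell entries that are not the bare default shell."""
    hits = {}
    for key, value in shells.items():
        extra = [e for e in shell_entries(value) if e.lower() != DEFAULT_SHELL]
        if extra:
            hits[key] = extra
    return hits


def live_winlogon_shells():
    """Read the same values from a running Windows host; empty dict elsewhere."""
    try:
        import winreg
    except ImportError:
        return {}
    shells = {}
    for name, hive in (("HKEY_LOCAL_MACHINE", winreg.HKEY_LOCAL_MACHINE),
                       ("HKEY_CURRENT_USER", winreg.HKEY_CURRENT_USER)):
        try:
            with winreg.OpenKey(hive, WINLOGON_SUFFIX.lstrip("\\")) as k:
                value, _ = winreg.QueryValueEx(k, "Shell")
                shells[name + WINLOGON_SUFFIX] = value
        except OSError:
            continue  # key or value absent; the default shell applies
    return shells


if __name__ == "__main__":
    # Usage: python winlogon_shell_hunt.py [export.reg]; defaults to the sample.
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE_REG
    shells = winlogon_shells(text) or live_winlogon_shells()
    for key, extra in suspicious_shells(shells).items():
        print(f"SUSPICIOUS {key}: {extra}")
```

The comparison deliberately treats the whole value as a list rather than testing for a substring, because appending a second program after explorer.exe leaves the default intact and would slip past a naive equality-with-explorer check only if the comparison were applied to the first entry alone. Per-user hives are included because a Shell value under HKEY_USERS\<SID> overrides the machine-wide one for that account.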
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names / profiles you may also want to look at.
Profile (votes): Description
Tropic Trooper (3): Tropic Trooper, also known as KeyBoy and Pirate Panda, is a threat actor group that has been active since 2011. This group has been linked to various cyber attacks, primarily targeting industries in Asia such as manufacturing, semiconductors, materials and composites, technology, chemical, and medic
Pirate Panda (2): Pirate Panda, also known as Tropic Trooper or Keyboy, is a recognized threat actor group that has been active since 2011. As part of the complex landscape of cyber threats, Pirate Panda exhibits significant malicious intent and activity. This group is particularly notable for its operational overlap
Miscellaneous Associations (other elements of context that could aid in identifying relevance): Malware
Source Document References
Information about the KeyBoy malware was read from the documents in the corpus below (display limited to 20 results).
Source (created): Title
Securelist (3 days ago): New malicious web shell from the Tropic Trooper group is found in the Middle East
MITRE (9 months ago): The KeyBoys are back in town
MITRE (2 years ago): Covid-19 Cybersecurity Challenges & Recommendations | CrowdStrike
MITRE (2 years ago): Tropic Trooper’s New Strategy
MITRE (2 years ago): Exchange servers under siege from at least 10 APT groups | WeLiveSecurity
MITRE (2 years ago): It’s Parliamentary: KeyBoy and the targeting of the Tibetan Community - The Citizen Lab
Recorded Future (2 years ago): Chinese State-Sponsored Group TA413 Adopts New Capabilities in Pursuit of Tibetan Targets | Recorded Future