KeyBoy (74167065-90b3-4c29-807a-79b6f098e45b)

The actors used a new version of “KeyBoy,” a custom backdoor first disclosed by researchers at Rapid7 in June 2013. Their work outlined the capabilities of the backdoor, and exposed the protocols and algorithms used to hide the network communication and configuration data.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| KeyBoy (28c13455-7f95-40a5-9568-1e8732503507) | Malpedia | KeyBoy (74167065-90b3-4c29-807a-79b6f098e45b) | Tool | 1 |
| KeyBoy (74167065-90b3-4c29-807a-79b6f098e45b) | Tool | Yahoyah (a673b4fb-a864-4a5b-94ab-3fc4f5606cc8) | Malpedia | 1 |
| KeyBoy (74167065-90b3-4c29-807a-79b6f098e45b) | Tool | Yahoyah (2a16a1d4-a098-4f17-80f3-3cfc6c60b539) | Tool | 1 |
| KeyBoy (28c13455-7f95-40a5-9568-1e8732503507) | Malpedia | Yahoyah (2a16a1d4-a098-4f17-80f3-3cfc6c60b539) | Tool | 2 |
| Yahoyah (a673b4fb-a864-4a5b-94ab-3fc4f5606cc8) | Malpedia | Yahoyah (2a16a1d4-a098-4f17-80f3-3cfc6c60b539) | Tool | 2 |