Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 501–550 of 1,546 in Other · page 11 of 31
| ID | Title | Summary |
|---|---|---|
| GOLD SYMPHONY | GOLD SYMPHONY | GOLD SYMPHONY is a financially motivated cybercrime group, likely based in Russia, that is responsible for the development and sale on underground forums of th… |
| GOLD-SYMPHONY | GOLD SYMPHONY | GOLD SYMPHONY is a financially motivated cybercrime group, likely based in Russia, that is responsible for the development and sale on underground forums of th… |
| GOLD WATERFALL | GOLD WATERFALL | GOLD WATERFALL is a group of financially motivated cybercriminals responsible for the creation, distribution, and operation of the Darkside ransomware. Active … |
| GOLD-WATERFALL | GOLD WATERFALL | GOLD WATERFALL is a group of financially motivated cybercriminals responsible for the creation, distribution, and operation of the Darkside ransomware. Active … |
| GOLD WINTER | GOLD WINTER | GOLD WINTER are a financially motivated group, likely based in Russia, who operate the Hades ransomware. Hades activity was first identified in December 2020 a… |
| GOLD-WINTER | GOLD WINTER | GOLD WINTER are a financially motivated group, likely based in Russia, who operate the Hades ransomware. Hades activity was first identified in December 2020 a… |
| GoldenJackal | GoldenJackal | GoldenJackal activity is characterized by the use of compromised WordPress websites as a method to host C2-related logic. Kaspersky believes the attackers uplo… |
| GOLDENJACKAL | GoldenJackal | GoldenJackal activity is characterized by the use of compromised WordPress websites as a method to host C2-related logic. Kaspersky believes the attackers uplo… |
| GOLDFACTORY | GoldFactory | GoldFactory is a threat actor group attributed to developing sophisticated mobile banking malware targeting victims primarily in the Asia-Pacific region, speci… |
| GOPHERWHISPER | GopherWhisper | GopherWhisper is a China-aligned APT that routes C2 traffic through legitimate enterprise platforms like Slack, Discord, and Microsoft 365 Outlook to evade det… |
| Gorilla | Gorilla | Gorilla is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Gorilla is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341)… |
| GORILLA | Gorilla | Gorilla is a threat actor operating a DoS-as-a-service offering controlled via Telegram. |
| GozNym | GozNym | IBM X-Force Research uncovered a Trojan hybrid spawned from the Nymaim and Gozi ISFB malware. It appears that the operators of Nymaim have recompiled its sourc… |
| GOZNYM | GozNym | IBM X-Force Research uncovered a Trojan hybrid spawned from the Nymaim and Gozi ISFB malware. It appears that the operators of Nymaim have recompiled its sourc… |
| GRAY-SANDSTORM | Gray Sandstorm | Gray Sandstorm is an Iran-linked threat actor that has been active since at least 2012. They have targeted defense technology companies, maritime transportatio… |
| GrayBravo | GrayBravo | TAG-150, also known as GrayBravo, is a sophisticated threat actor responsible for developing multiple custom malware families, including CastleLoader and Castl… |
| GRAYBRAVO | GrayBravo | TAG-150, also known as GrayBravo, is a sophisticated threat actor responsible for developing multiple custom malware families, including CastleLoader and Castl… |
| GrayCharlie | GrayCharlie | GrayCharlie is a threat actor that compromises WordPress sites to inject malicious JavaScript, redirecting visitors to NetSupport RAT payloads via fake browser… |
| GRAYCHARLIE | GrayCharlie | GrayCharlie is a threat actor that compromises WordPress sites to inject malicious JavaScript, redirecting visitors to NetSupport RAT payloads via fake browser… |
| GRAYLING | Grayling | Grayling activity was first observed in early 2023, when a number of victims were identified with distinctive malicious DLL side-loading activity. Grayling app… |
| GREEDYBEAR | GreedyBear | GreedyBear is a sophisticated threat actor responsible for over $1 million in cryptocurrency theft through a campaign involving 150 malicious Firefox extension… |
| GREENBUG | Greenbug | Greenbug was discovered targeting a range of organizations in the Middle East including companies in the aviation, energy, government, investment, and educatio… |
| GREENSPOT | GreenSpot | GreenSpot is an APT group believed to operate from Taiwan, active since at least 2007, primarily targeting government, academic, and military entities in China… |
| GREF | GREF | GREF is a China-aligned APT group that has been active since at least March 2017. They are known for using custom backdoors, loaders, and ancillary tools in th… |
| GreyEnergy | GreyEnergy | GreyEnergy is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: ESET research reveals a successor to the infamous BlackEnergy APT g… |
| GREYENERGY | GreyEnergy | ESET research reveals a successor to the infamous BlackEnergy APT group targeting critical infrastructure, quite possibly in preparation for damaging attacks. |
| GREYVIBE | GreyVibe | GREYVIBE is a low-to-moderately sophisticated threat actor associated with Russian state interests, primarily targeting Ukrainian entities. The group employs c… |
| GRIM SPIDER | GRIM SPIDER | GRIM SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom retu… |
| GRIM-SPIDER | GRIM SPIDER | GRIM SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom retu… |
| GROUNDBAIT | Groundbait | Groundbait is a group targeting anti-government separatists in the self-declared Donetsk and Luhansk People’s Republics. |
| Group5 | Group5 | A threat actor using Iranian-language tools, Iranian hosting companies, operating from the Iranian IP space at times was observed targeting the Syrian oppositi… |
| GROUP5 | Group5 | A threat actor using Iranian-language tools, Iranian hosting companies, operating from the Iranian IP space at times was observed targeting the Syrian oppositi… |
| GTFire | GTFire | GTFire is a threat actor that leverages Google Firebase for hosting phishing pages and Google Translate to disguise malicious URLs, effectively bypassing secur… |
| GTFIRE | GTFire | GTFire is a threat actor that leverages Google Firebase for hosting phishing pages and Google Translate to disguise malicious URLs, effectively bypassing secur… |
| GTG-1002 | GTG-1002 | GTG-1002 is a Chinese state-sponsored APT that conducted a large-scale autonomous cyber espionage campaign targeting approximately 30 global organizations acro… |
| Guacamaya | Guacamaya | Guacamaya has conducted multiple hack and leak campaigns against military and police agencies and mining companies across Latin America, which they believe hav… |
| GUACAMAYA | Guacamaya | Guacamaya has conducted multiple hack and leak campaigns against military and police agencies and mining companies across Latin America, which they believe hav… |
| GURU SPIDER | GURU SPIDER | GURU SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Early in 2018, CrowdStrike Intelligence observed GURU SPIDER suppo… |
| GURU-SPIDER | GURU SPIDER | Early in 2018, CrowdStrike Intelligence observed GURU SPIDER supporting the distribution of multiple crimeware families through its flagship malware loader, Qu… |
| Hacking Team | Hacking Team | The many 0-days that had been collected by Hacking Team and which became publicly available during the breach of their organization in 2015, have been used by … |
| HACKING-TEAM | Hacking Team | The many 0-days that had been collected by Hacking Team and which became publicly available during the breach of their organization in 2015, have been used by … |
| HAFNIUM | HAFNIUM | HAFNIUM primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher educat… |
| Hagga | Hagga | Hagga is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Aggah, TH-157. Original record: Hagga is believed to have be… |
| HAGGA | Hagga | Hagga is believed to have been using Agent Tesla, 2021’s sixth most prevalent malware, to steal sensitive information from his victims since the latter part of… |
| HANDALA | Handala | Handala is a pro-Palestinian hacktivist group that targets Israeli organizations, employing tactics such as phishing, data theft, extortion, and destructive at… |
| HAZY-TIGER | HAZY TIGER | The Bitter threat group initially started using RAT tools in their campaigns, as the first Bitter versions for Android, released in 2014, were based on the Andr… |
| Head Mare | Head Mare | Head Mare is a hacktivism-focused threat actor group known for targeting sectors in Russia and Belarus using a remote access malware called PhantomRAT. They have… |
| HEAD-MARE | Head Mare | Head Mare is a hacktivism-focused threat actor group known for targeting sectors in Russia and Belarus using a remote access malware called PhantomRAT. They have… |
| HellHounds | HellHounds | Hellhounds is an APT group targeting organizations in Russia, using a modified version of Pupy RAT called Decoy Dog. They gain initial access through vulnerabl… |
| HELLHOUNDS | HellHounds | Hellhounds is an APT group targeting organizations in Russia, using a modified version of Pupy RAT called Decoy Dog. They gain initial access through vulnerabl… |