Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 651–700 of 1,546 in Other · page 14 of 31
| ID | Title | Summary |
|---|---|---|
| LARVA-208 | Larva-208 | LARVA-208 is a financially motivated threat actor employing sophisticated phishing campaigns to harvest credentials and deploy ransomware. The actor uses multi… |
| LARVA-24005 | Larva-24005 | Larva-24005 is a threat actor that breaches servers in Korea to establish a web server and PHP environment for phishing attacks, primarily targeting individual… |
| Larva-24010 | Larva-24010 | The Larva-24010 threat actor is distributing malware through the website of a Korean VPN service provider. As a result, when a user downloads and runs the inst… |
| LARVA-24010 | Larva-24010 | The Larva-24010 threat actor is distributing malware through the website of a Korean VPN service provider. As a result, when a user downloads and runs the inst… |
| Larva-26002 | Larva-26002 | Larva-26002 targets improperly managed MS-SQL servers, exploiting vulnerabilities such as brute force and dictionary attacks. The actor has distributed Trigona… |
| LARVA-26002 | Larva-26002 | Larva-26002 targets improperly managed MS-SQL servers, exploiting vulnerabilities such as brute force and dictionary attacks. The actor has distributed Trigona… |
| Larva‑25012 | Larva‑25012 | Larva‑25012 is a threat actor known for deploying Proxyware, utilizing malware disguised as a Notepad++ installer. The actor injects Proxyware into the Windows… |
| LARVA-25012 | Larva‑25012 | Larva‑25012 is a threat actor known for deploying Proxyware, utilizing malware disguised as a Notepad++ installer. The actor injects Proxyware into the Windows… |
| LAZARUS-GROUP | Lazarus Group | Since 2009, HIDDEN COBRA actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltratio… |
| LIBYAN-SCORPIONS | Libyan Scorpions | Libyan Scorpions is a malware operation in use since September 2015 and operated by a politically motivated group whose main objective is intelligence gatherin… |
| Lifting Zmiy | Lifting Zmiy | Rostelecom's security team has discovered a new APT group that is breaching companies via industrial PLCs. Named Lifting Zmiy, the group's first attacks were t… |
| LIFTING-ZMIY | Lifting Zmiy | Rostelecom's security team has discovered a new APT group that is breaching companies via industrial PLCs. Named Lifting Zmiy, the group's first attacks were t… |
| LightBasin | LightBasin | UNC1945 is an APT group that has been targeting telecommunications companies globally. They use Linux-based implants to maintain long-term access in compromise… |
| LIGHTBASIN | LightBasin | UNC1945 is an APT group that has been targeting telecommunications companies globally. They use Linux-based implants to maintain long-term access in compromise… |
| LILAC-TYPHOON | Lilac Typhoon | Lilac Typhoon is a threat actor attributed to China. They have been identified as exploiting the Atlassian Confluence RCE vulnerability CVE-2022-26134, which a… |
| LilacSquid | LilacSquid | LilacSquid is an APT actor targeting a variety of industries worldwide since at least 2021. They use tactics such as exploiting vulnerabilities and compromised… |
| LILACSQUID | LilacSquid | LilacSquid is an APT actor targeting a variety of industries worldwide since at least 2021. They use tactics such as exploiting vulnerabilities and compromised… |
| LIMINAL-PANDA | LIMINAL PANDA | LIMINAL PANDA is a China-nexus APT that targets telecommunications entities, employing custom malware and publicly available tools for covert access, C2, and d… |
| LinkC Pub | LinkC Pub | Linkc is a newly emerged ransomware group that operates an onion-based data leak site and has claimed one victim, a U.S.-based AI and cloud service provider, H… |
| LINKC-PUB | LinkC Pub | Linkc is a newly emerged ransomware group that operates an onion-based data leak site and has claimed one victim, a U.S.-based AI and cloud service provider, H… |
| LofyGang | LofyGang | LofyGang has been found to be linked to more than 200 malicious packages, with thousands of installations throughout 2022. The group, believed to have been ope… |
| LOFYGANG | LofyGang | LofyGang has been found to be linked to more than 200 malicious packages, with thousands of installations throughout 2022. The group, believed to have been ope… |
| LONGHORN | Longhorn | Longhorn has been active since at least 2011. It has used a range of back door Trojans in addition to zero-day vulnerabilities to compromise its targets. Longh… |
| LONGNOSEDGOBLIN | LongNosedGoblin | LongNosedGoblin is a China-aligned APT group targeting governmental entities in Southeast Asia and Japan for cyberespionage. The group employs Group Policy for… |
| LOTUS-PANDA | LOTUS PANDA | Lotus Blossom is a threat group that has targeted government and military organizations in Southeast Asia. |
| Lucky Cat | Lucky Cat | A series of attacks, targeting both Indian military research and south Asian shipping organizations, demonstrate the minimum level of effort required to succes… |
| LUCKY-CAT | Lucky Cat | A series of attacks, targeting both Indian military research and south Asian shipping organizations, demonstrate the minimum level of effort required to succes… |
| LulzIntel | LulzIntel | The threat actor lulzintel has claimed responsibility for multiple data breaches, including those of vegehome.pl, Almaex, Smaregi, and Kin Teck Tong, exposing … |
| LULZINTEL | LulzIntel | The threat actor lulzintel has claimed responsibility for multiple data breaches, including those of vegehome.pl, Almaex, Smaregi, and Kin Teck Tong, exposing … |
| LulzSec Black | LulzSec Black | LulzSec Black is a hacktivist group that has claimed responsibility for coordinated DDoS attacks against Cyprus' government and critical infrastructure in resp… |
| LULZSEC-BLACK | LulzSec Black | LulzSec Black is a hacktivist group that has claimed responsibility for coordinated DDoS attacks against Cyprus' government and critical infrastructure in resp… |
| Luna Moth | Luna Moth | Luna Moth conducts high-tempo callback phishing campaigns targeting legal and financial organizations in the U.S., using social engineering to lure victims int… |
| LUNA-MOTH | Luna Moth | Luna Moth conducts high-tempo callback phishing campaigns targeting legal and financial organizations in the U.S., using social engineering to lure victims int… |
| LUNAR SPIDER | LUNAR SPIDER | According to CrowdStrike, this actor is using BokBok/IcedID, potentially buying distribution through Emotet infections. On March 17, 2019, CrowdStrike Intellig… |
| LUNAR-SPIDER | LUNAR SPIDER | According to CrowdStrike, this actor is using BokBok/IcedID, potentially buying distribution through Emotet infections. On March 17, 2019, CrowdStrike Intellig… |
| luoxk | luoxk | luoxk is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). |
| LUOXK | luoxk | Luoxk is a malware campaign targeting web servers throughout Asia, Europe and North America. |
| LYCEUM | LYCEUM | Lyceum is an Iranian APT group that has been active since at least 2014. They primarily target Middle Eastern governments and organizations in the energy and t… |
| MADI | Madi | Kaspersky Lab and Seculert worked together to sinkhole the Madi Command & Control (C&C) servers to monitor the campaign. Kaspersky Lab and Seculert identified … |
| MageCart | MageCart | MageCart is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Digital threat management company RiskIQ tracks the activity of MageC… |
| MAGECART | MageCart | Digital threat management company RiskIQ tracks the activity of MageCart group and reported their use of web-based card skimmers since 2016. |
| MAGIC-KITTEN | Magic Kitten | Earliest activity back to November 2008. An established group of cyber attackers based in Iran, who carried on several campaigns in 2013, including a series of… |
| MAGNETIC-SPIDER | MAGNETIC SPIDER | |
| MALKAMAK | MalKamak | MalKamak is an Iranian threat actor that has been operating since at least 2018. They have been involved in highly targeted cyber espionage campaigns against g… |
| MALLARD SPIDER | MALLARD SPIDER | MALLARD SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as GOLD LAGOON. Original record: CrowdStrike tracks th… |
| MALLARD-SPIDER | MALLARD SPIDER | CrowdStrike tracks the operators behind Qbot as MALLARD SPIDER. |
| Malsmoke | Malsmoke | Malsmoke primarily targets Japanese users through malvertising campaigns that deliver Zloader malware, often leveraging adult content lures and geographic IP i… |
| MALSMOKE | Malsmoke | Malsmoke primarily targets Japanese users through malvertising campaigns that deliver Zloader malware, often leveraging adult content lures and geographic IP i… |
| Malteiro | Malteiro | Malteiro is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: This group of cybercriminals is named Malteiro by SCILabs; they operat… |
| MALTEIRO | Malteiro | This group of cybercriminals is named Malteiro by SCILabs; they operate and distribute the URSA/Mispadu banking trojan. |