2,004 indexed
Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 701–750 of 1,546 in Other · page 15 of 31
| ID | Title | Summary |
|---|---|---|
| MANA-TEAM | Mana Team | |
| Markopolo | Markopolo | Markopolo is a threat actor known for running scams targeting cryptocurrency users through a fake app called Vortax. They use social media and a dedicated blog… |
| MARKOPOLO | Markopolo | Markopolo is a threat actor known for running scams targeting cryptocurrency users through a fake app called Vortax. They use social media and a dedicated blog… |
| Massgrave | Massgrave | Massgrave is a hacking group that has developed a method to bypass Microsoft's software licensing for Windows and Office, enabling permanent activation of vers… |
| MASSGRAVE | Massgrave | Massgrave is a hacking group that has developed a method to bypass Microsoft's software licensing for Windows and Office, enabling permanent activation of vers… |
| Metador | Metador | Metador primarily targets telecommunications, internet service providers, and universities in several countries in the Middle East and Africa. Metador’s attack… |
| METADOR | Metador | Metador primarily targets telecommunications, internet service providers, and universities in several countries in the Middle East and Africa. Metador’s attack… |
| MIMIC SPIDER | MIMIC SPIDER | MIMIC SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: MIMIC SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Ga… |
| MIMIC-SPIDER | MIMIC SPIDER | MIMIC SPIDER is mentioned in two summary reports only |
| Mirage Tiger | Mirage Tiger | Mirage Tiger is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Documented victim organisations include Germany. Original record: Mirage Tiger is … |
| MIRAGE-TIGER | Mirage Tiger | |
| MIRRORFACE | MirrorFace | MirrorFace is a Chinese-speaking advanced persistent threat group that has been targeting high-value organizations in Japan, including media, government, diplo… |
| Mocha Manakin | Mocha Manakin | Mocha Manakin is a threat actor that employs the paste and run technique for initial access, tricking users into executing scripts that download various payloa… |
| MOCHA-MANAKIN | Mocha Manakin | Mocha Manakin is a threat actor that employs the paste and run technique for initial access, tricking users into executing scripts that download various payloa… |
| ModifiedElephant | ModifiedElephant | Our research into these intrusions revealed a decade of persistent malicious activity targeting specific groups and individuals that we now attribute to a prev… |
| MODIFIEDELEPHANT | ModifiedElephant | Our research into these intrusions revealed a decade of persistent malicious activity targeting specific groups and individuals that we now attribute to a prev… |
| MOFANG | Mofang | |
| Mogilevich | Mogilevich | Mogilevich is a ransomware group known for claiming to breach organizations like Epic Games and Ireland's Department of Foreign Affairs, offering stolen data f… |
| MOGILEVICH | Mogilevich | Mogilevich is a ransomware group known for claiming to breach organizations like Epic Games and Ireland's Department of Foreign Affairs, offering stolen data f… |
| Molatori | Molatori | Molatori is a threat actor group identified by Malwarebytes researchers, known for utilizing malicious ScreenConnect clients hosted on domains like atmolatori.… |
| MOLATORI | Molatori | Molatori is a threat actor group identified by Malwarebytes researchers, known for utilizing malicious ScreenConnect clients hosted on domains like atmolatori.… |
| MOLERATS | Molerats | In October 2012, malware attacks against Israeli government targets grabbed media attention as officials temporarily cut off Internet access for its entire pol… |
| MoneyTaker | MoneyTaker | In less than two years, this group has conducted over 20 successful attacks on financial institutions and legal firms in the USA, UK and Russia. The group has … |
| MONEYTAKER | MoneyTaker | In less than two years, this group has conducted over 20 successful attacks on financial institutions and legal firms in the USA, UK and Russia. The group has … |
| MONTY SPIDER | MONTY SPIDER | MONTY SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Spandex Tempest. Original record: Spambots continued … |
| MONTY-SPIDER | MONTY SPIDER | Spambots continued to decline in 2019, with MONTY SPIDER’s CraP2P spambot falling silent in April. |
| MORA-001 | Mora_001 | Mora_001 is a threat actor exhibiting a distinct operational signature that combines opportunistic attacks with ties to the LockBit ecosystem. The actor has be… |
| MORH4X | MORH4x | MORH4x is a self-proclaimed Moroccan hacking group that claimed responsibility for a data leak from Algeria's pharmaceutical industry ministry. The group annou… |
| MOSESSTAFF | MosesStaff | Cybereason Nocturnus describes Moses Staff as an Iranian hacker group, first spotted in October 2021. Their motivation appears to be to harm Israeli companies … |
| MOSHEN-DRAGON | Moshen Dragon | Moshen Dragon is a Chinese-aligned cyberespionage threat actor operating in Central Asia. They have been observed deploying multiple malware triads and utilizi… |
| Moskalvzapoe | Moskalvzapoe | Moskalvzapoe is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as MAN1, TA511. Original record: Moskalvzapoe is a threa… |
| MOSKALVZAPOE | Moskalvzapoe | |
| MOUSTACHEDBOUNCER | MoustachedBouncer | MoustachedBouncer is a cyberespionage group discovered by ESET Research and first publicly disclosed in August 2023. The group has been active since at least 2… |
| Mr_Rot13 | Mr_Rot13 | Mr_Rot13 is a stable hacking group identified through a PHP backdoor and a Downloader domain linked to a C2 infrastructure active since 2020. They utilize the … |
| MR-ROT13 | Mr_Rot13 | Mr_Rot13 is a stable hacking group identified through a PHP backdoor and a Downloader domain linked to a C2 infrastructure active since 2020. They utilize the … |
| MUDDYWATER | MuddyWater | The MuddyWater attacks are primarily against Middle Eastern nations. However, we have also observed attacks against surrounding nations and beyond, including t… |
| MUMMY SPIDER | MUMMY SPIDER | MUMMY SPIDER is a criminal entity linked to the core development of the malware most commonly known as Emotet or Geodo. First observed in mid-2014, this malwar… |
| MUMMY-SPIDER | MUMMY SPIDER | MUMMY SPIDER is a criminal entity linked to the core development of the malware most commonly known as Emotet or Geodo. First observed in mid-2014, this malwar… |
| MurenShark | MurenShark | MurenShark is an advanced persistent threat group that operates primarily in the Middle East, with a focus on targeting Turkey. They have shown interest in mil… |
| MURENSHARK | MurenShark | MurenShark is an advanced persistent threat group that operates primarily in the Middle East, with a focus on targeting Turkey. They have shown interest in mil… |
| MUSTANG-PANDA | MUSTANG PANDA | This threat actor targets nongovernmental organizations using Mongolian-themed lures for espionage purposes. In April 2017, CrowdStrike Falcon Intelligence obs… |
| Mustard Tempest | Mustard Tempest | Mustard Tempest is a threat actor that primarily uses malvertising as their main technique to gain access to and profile networks. They deploy FakeUpdates, dis… |
| MUSTARD-TEMPEST | Mustard Tempest | Mustard Tempest is a threat actor that primarily uses malvertising as their main technique to gain access to and profile networks. They deploy FakeUpdates, dis… |
| Mythic Likho | Mythic Likho | Arcane Werewolf has been observed targeting Russian manufacturing enterprises through phishing emails that lead to malicious links and spoofed websites. The ac… |
| MYTHIC-LIKHO | Mythic Likho | Arcane Werewolf has been observed targeting Russian manufacturing enterprises through phishing emails that lead to malicious links and spoofed websites. The ac… |
| N4UGHTYSECTU | N4ughtysecTU | In March 2022, a hacking group calling themselves N4ughtySecTU claimed to have breached TransUnion’s systems and threatened to leak four terabytes of data if t… |
| NAIKON | Naikon | Kaspersky described Naikon in a 2015 report as: 'The Naikon group is mostly active in countries such as the Philippines, Malaysia, Cambodia, Indonesia, Vietnam… |
| Nam3L3ss | Nam3L3ss | Nam3L3ss is a threat actor who has leaked data from 25 companies, including over 2.8 million lines of Amazon employee data, which was confirmed to be stolen fr… |
| NAM3L3SS | Nam3L3ss | Nam3L3ss is a threat actor who has leaked data from 25 companies, including over 2.8 million lines of Amazon employee data, which was confirmed to be stolen fr… |
| NARKETING163 | Narketing163 | Narketing163 is a financially motivated threat actor named after one of their frequently used email addresses (narketing163@gmail.com). Active since at least J… |