Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 851–900 of 1,546 in Other · page 18 of 31
| ID | Title | Summary |
|---|---|---|
| Pickaxe | Pickaxe | Prying Libra, also known as Pickaxe, is a threat actor active since at least August 2017, and continues to remain active to this day. The adversary's goal is t… |
| PICKAXE | Pickaxe | Prying Libra, also known as Pickaxe, is a threat actor active since at least August 2017, and continues to remain active to this day. The adversary's goal is t… |
| PINCHY SPIDER | PINCHY SPIDER | First observed in January 2018, GandCrab ransomware quickly began to proliferate and receive regular updates from its developer, PINCHY SPIDER, which over the … |
| PINCHY-SPIDER | PINCHY SPIDER | First observed in January 2018, GandCrab ransomware quickly began to proliferate and receive regular updates from its developer, PINCHY SPIDER, which over the … |
| PINK-SANDSTORM | Pink Sandstorm | Agonizing Serpens is an Iranian-linked APT group that has been active since 2020. They are known for their destructive wiper and fake-ransomware attacks, prima… |
| PIZZO-SPIDER | PIZZO SPIDER | |
| PLATINUM | PLATINUM | PLATINUM has been targeting its victims since at least as early as 2009, and may have been active for several years prior. Its activities are distinctly differ… |
| PLUSHDAEMON | PlushDaemon | PlushDaemon is a China-aligned APT group that has conducted cyberespionage operations against targets in China, Taiwan, Hong Kong, South Korea, the United Stat… |
| POISON CARP | POISON CARP | Between November 2018 and May 2019, senior members of Tibetan groups received malicious links in individually tailored WhatsApp text exchanges with operators p… |
| POISON-CARP | POISON CARP | Between November 2018 and May 2019, senior members of Tibetan groups received malicious links in individually tailored WhatsApp text exchanges with operators p… |
| PoisonSeed | PoisonSeed | PoisonSeed is a threat actor employing an MFA-resistant phishing kit to acquire credentials from individuals and organizations, primarily targeting email infra… |
| POISONSEED | PoisonSeed | PoisonSeed is a threat actor employing an MFA-resistant phishing kit to acquire credentials from individuals and organizations, primarily targeting email infra… |
| POISONUS-PANDA | POISONUS PANDA | |
| POLONIUM | POLONIUM | Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intell… |
| POSEIDON-GROUP | Poseidon Group | Poseidon Group is a Portuguese-speaking threat group that has been active since at least 2005. The group has a history of using information exfiltrated from vi… |
| PowerPool | PowerPool | Malware developers have started to use the zero-day exploit for Task Scheduler component in Windows, two days after proof-of-concept code for the vulnerability… |
| POWERPOOL | PowerPool | Malware developers have started to use the zero-day exploit for Task Scheduler component in Windows, two days after proof-of-concept code for the vulnerability… |
| PREDATOR-PANDA | PREDATOR PANDA | |
| Predatory Sparrow | Predatory Sparrow | Predatory Sparrow is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Indra, Gonjeshke Darande. Operational targeting … |
| PREDATORY-SPARROW | Predatory Sparrow | A self-proclaimed hacktivist group that carried out attacks against Iranian railway systems and against Iranian steel plants. |
| ProCC | ProCC | ProCC is a threat actor targeting the hospitality sector with remote access Trojan malware. They use email attachments to exploit vulnerabilities like CVE-2017… |
| PROCC | ProCC | ProCC is a threat actor targeting the hospitality sector with remote access Trojan malware. They use email attachments to exploit vulnerabilities like CVE-2017… |
| PROJECTSAURON | ProjectSauron | ProjectSauron is the name for a top level modular cyber-espionage platform, designed to enable and manage long-term campaigns through stealthy survival mechani… |
| Prolific Puma | Prolific Puma | Prolific Puma provides an underground link shortening service to criminals. Infoblox states that during analysis, no legitimate content was observed being serv… |
| PROLIFIC-PUMA | Prolific Puma | Prolific Puma provides an underground link shortening service to criminals. Infoblox states that during analysis, no legitimate content was observed being serv… |
| PROMETHIUM | PROMETHIUM | PROMETHIUM is an activity group that has been active as early as 2012. The group primarily uses Truvasys, a first-stage malware that has been in circulation fo… |
| Prophet Spider | Prophet Spider | PROPHET SPIDER is an eCrime actor, active since at least May 2017, that primarily gains access to victims by compromising vulnerable web servers, which commonl… |
| PROPHET-SPIDER | Prophet Spider | PROPHET SPIDER is an eCrime actor, active since at least May 2017, that primarily gains access to victims by compromising vulnerable web servers, which commonl… |
| PUNK-003 | puNK-003 | puNK-003 is a North Korean APT group known for deploying the Lilith RAT, a sophisticated C++ remote access trojan, and its AutoIt variant, CURKON, which functi… |
| PURPLEHAZE | PurpleHaze | PurpleHaze is a China-nexus threat actor tracked by SentinelLABS, linked to APT15, known for targeting critical infrastructure sectors such as telecommunicatio… |
| QUILTED-TIGER | QUILTED TIGER | Dropping Elephant (also known as “Chinastrats” and “Patchwork”) is a relatively new threat actor that is targeting a variety of high profile diplomatic and eco… |
| R00TK1T | R00tK1T | R00TK1T is a hacking group known for sophisticated cyber attacks targeting governmental agencies in Malaysia, including data exfiltration from the National Pop… |
| RADIO-PANDA | RADIO PANDA | |
| RAHDIT | RaHDit | RaHDit is a pro-Kremlin hacktivist group known for orchestrating hack-and-leak operations, including the publication of personal information about Ukrainian mi… |
| RANCOR | RANCOR | The Rancor group’s attacks use two primary malware families which are named DDKONG and PLAINTEE. DDKONG is used throughout the campaign and PLAINTEE appears t… |
| RansomHouse | RansomHouse | This group started operating during the first quarter of 2022. They published samples of alleged stolen data from companies on their site on Tor. It is unclear… |
| RANSOMHOUSE | RansomHouse | This group started operating during the first quarter of 2022. They published samples of alleged stolen data from companies on their site on Tor. It is unclear… |
| RansomHub | RansomHub | RansomHub is a rapidly growing ransomware group believed to be an updated version of the older Knight ransomware. They have been linked to attacks exploiting t… |
| RANSOMHUB | RansomHub | RansomHub is a rapidly growing ransomware group believed to be an updated version of the older Knight ransomware. They have been linked to attacks exploiting t… |
| RansomVC | RansomVC | Ransomed.VC burst onto the scene with a well-orchestrated PR campaign, encompassing a clearnet site and multiple communication channels including Telegram and … |
| RANSOMVC | RansomVC | Ransomed.VC burst onto the scene with a well-orchestrated PR campaign, encompassing a clearnet site and multiple communication channels including Telegram and … |
| RASPBERRY-TYPHOON | Raspberry Typhoon | Microsoft has tracked Raspberry Typhoon (RADIUM) as the primary threat group targeting nations that ring the South China Sea. Raspberry Typhoon consistently ta… |
| RASPITE | RASPITE | Dragos has identified a new activity group targeting access operations in the electric utility sector. We call this activity group RASPITE. Analysis of RASPIT… |
| RATPAK SPIDER | RATPAK SPIDER | In July 2018, the source code of Pegasus, RATPAK SPIDER’s malware framework, was anonymously leaked. This malware has been linked to the targeting of Russia’s … |
| RATPAK-SPIDER | RATPAK SPIDER | In July 2018, the source code of Pegasus, RATPAK SPIDER’s malware framework, was anonymously leaked. This malware has been linked to the targeting of Russia’s … |
| RAZOR-TIGER | RAZOR TIGER | An actor mainly targeting Pakistan military targets, active since at least 2012. We have low confidence that this malware might be authored by an Indian compan… |
| REBEL-JACKAL | Rebel Jackal | This is a pro-Islamist organization that generally conducts attacks motivated by real world events in which its members believe that members of the Muslim fait… |
| Reckless Rabbit | Reckless Rabbit | Reckless Rabbit lures victims into investment scams through malicious Facebook advertisements that lead to fake news articles with embedded web forms for perso… |