2,004 indexed
ACTORSThreat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,151–1,200 of 1,546 in Other · page 24 of 31
| ID | Title | Summary |
|---|---|---|
| SWEED | SWEED | Cisco Talos recently identified a large number of ongoing malware distribution campaigns linked to a threat actor we're calling "SWEED," including such notable… |
| SYLHET GANG-SG | SYLHET GANG-SG | SYLHET GANG-SG is a hacktivist group that has targeted critical infrastructure and various entities, including the Central European University and the EU Parli… |
| SYLHET-GANG-SG | SYLHET GANG-SG | SYLHET GANG-SG is a hacktivist group that has targeted critical infrastructure and various entities, including the Central European University and the EU Parli… |
| TA2101 | TA2101 | Proofpoint researchers detected campaigns from a relatively new actor, tracked internally as TA2101, targeting German companies and organizations to deliver an… |
| TA2536 | TA2536 | TA2536, which has been active since at least 2015, is likely Nigerian based on its unique linguistic style, tactics and tools. It uses keyloggers such as HawkE… |
| TA2541 | TA2541 | Persistent cybercrime threat actor targeting aviation, aerospace, transportation, manufacturing, and defense industries for years. This threat actor consistent… |
| TA2541 | TA2541 | Persistent cybercrime threat actor targeting aviation, aerospace, transportation, manufacturing, and defense industries for years. This threat actor consistent… |
| TA2552 | TA2552 | Since January 2020, Proofpoint researchers have tracked an actor abusing Microsoft Office 365 (O365) third-party application (3PA) access, with suspected activ… |
| TA2552 | TA2552 | Since January 2020, Proofpoint researchers have tracked an actor abusing Microsoft Office 365 (O365) third-party application (3PA) access, with suspected activ… |
| TA2719 | TA2719 | In late March 2020, Proofpoint researchers began tracking a new actor with a penchant for using NanoCore and later AsyncRAT, popular commodity remote access tr… |
| TA2719 | TA2719 | In late March 2020, Proofpoint researchers began tracking a new actor with a penchant for using NanoCore and later AsyncRAT, popular commodity remote access tr… |
| TA2722 | TA2722 | TA2722 is a highly active threat actor that targets various industries including Shipping/Logistics, Manufacturing, Business Services, Pharmaceutical, and Ener… |
| TA2722 | TA2722 | TA2722 is a highly active threat actor that targets various industries including Shipping/Logistics, Manufacturing, Business Services, Pharmaceutical, and Ener… |
| TA2723 | TA2723 | TA2723 is a financially-motivated, high-volume credential phishing threat actor known for spoofing Microsoft OneDrive, LinkedIn, and DocuSign. Proofpoint Threa… |
| TA2723 | TA2723 | TA2723 is a financially-motivated, high-volume credential phishing threat actor known for spoofing Microsoft OneDrive, LinkedIn, and DocuSign. Proofpoint Threa… |
| TA2725 | TA2725 | TA2725 is a threat actor that has been tracked since March 2022. They primarily target organizations in Brazil and Mexico using Brazilian banking malware and p… |
| TA2725 | TA2725 | TA2725 is a threat actor that has been tracked since March 2022. They primarily target organizations in Brazil and Mexico using Brazilian banking malware and p… |
| TA402 | TA402 | TA402 is an APT group that has been tracked by Proofpoint since 2020. They primarily target government entities in the Middle East and North Africa, with a fo… |
| TA406 | TA406 | TA406 is engaging in malware distribution, phishing, intelligence collection, and cryptocurrency theft, resulting in a wide range of criminal activities. |
| TA410 | TA410 | Early in August 2019, Proofpoint described what appeared to be state-sponsored activity targeting the US utilities sector with malware that we dubbed “Lookback… |
| TA410 | TA410 | Early in August 2019, Proofpoint described what appeared to be state-sponsored activity targeting the US utilities sector with malware that we dubbed “Lookback… |
| TA428 | TA428 | Proofpoint researchers have identified a targeted APT campaign that utilized malicious RTF documents to deliver custom malware to unsuspecting victims. We dubb… |
| TA444 | TA444 | TA444 is a North Korea state-sponsored threat actor that primarily focuses on financially motivated operations. They have been active since at least 2017 and h… |
| TA453 | TA453 | TA453 has employed the use of compromised accounts, malware, and confrontational lures to go after targets with a range of backgrounds from medical researchers… |
| TA455 | TA455 | TA455 is an Iranian APT group targeting the aerospace industry through a campaign known as the “Iranian Dream Job Campaign,” utilizing deceptive job offers to … |
| TA459 | TA459 | |
| TA482 | TA482 | Since early 2022, Proofpoint researchers have observed a prolific threat actor, tracked as TA482, regularly engaging in credential harvesting campaigns that ta… |
| TA4903 | TA4903 | TA4903 is a financially motivated threat actor known for conducting credential phishing and business email compromise campaigns. They target organizations in t… |
| TA4903 | TA4903 | TA4903 is a financially motivated threat actor known for conducting credential phishing and business email compromise campaigns. They target organizations in t… |
| TA4922 | TA4922 | TA4922 is a Chinese-speaking cybercrime cluster that employs localized HR, payroll, tax, and invoice lures to deliver various malware families, including Atlas… |
| TA499 | TA499 | TA499, also known as Vovan and Lexus, is a Russia-aligned threat actor that has aggressively engaged in email campaigns since at least 2021. The threat actor’… |
| TA499 | TA499 | TA499, also known as Vovan and Lexus, is a Russia-aligned threat actor that has aggressively engaged in email campaigns since at least 2021. The threat actor’… |
| TA505 | TA505 | TA505, the name given by Proofpoint, has been in the cybercrime business for at least four years. This is the group behind the infamous Dridex banking trojan a… |
| TA516 | TA516 | This actor typically distributes instances of the SmokeLoader intermediate downloader, which, in turn, downloads additional malware of the actor’s choice -- of… |
| TA516 | TA516 | This actor typically distributes instances of the SmokeLoader intermediate downloader, which, in turn, downloads additional malware of the actor’s choice -- of… |
| TA530 | TA530 | TA530, who we previously examined in relation to large-scale personalized phishing campaigns |
| TA547 | TA547 | TA547 is responsible for many other campaigns since at least November 2017. The other campaigns by the actor were often localized to countries such as Australi… |
| TA547 | TA547 | TA547 is responsible for many other campaigns since at least November 2017. The other campaigns by the actor were often localized to countries such as Australi… |
| TA554 | TA554 | Since May 2018, Proofpoint researchers have observed email campaigns using a new downloader called sLoad. sLoad is a PowerShell downloader that most frequently… |
| TA554 | TA554 | Since May 2018, Proofpoint researchers have observed email campaigns using a new downloader called sLoad. sLoad is a PowerShell downloader that most frequently… |
| TA555 | TA555 | Beginning in May 2018, Proofpoint researchers observed a previously undocumented downloader dubbed AdvisorsBot appearing in malicious email campaigns. The camp… |
| TA555 | TA555 | Beginning in May 2018, Proofpoint researchers observed a previously undocumented downloader dubbed AdvisorsBot appearing in malicious email campaigns. The camp… |
| TA558 | TA558 | Since 2018, security researchers tracked a financially-motivated cybercrime actor, TA558, targeting hospitality, travel, and related industries located in Lati… |
| TA558 | TA558 | Since 2018, security researchers tracked a financially-motivated cybercrime actor, TA558, targeting hospitality, travel, and related industries located in Lati… |
| TA570 | TA570 | One of the most active Qbot malware affiliates, Proofpoint has tracked the large cybercrime threat actor TA570 since 2018. |
| TA571 | TA571 | TA571 is a spam distributor actor known for delivering a variety of malware, including DarkGate, NetSupport RAT, and information stealers. They use phishing em… |
| TA571 | TA571 | TA571 is a spam distributor actor known for delivering a variety of malware, including DarkGate, NetSupport RAT, and information stealers. They use phishing em… |
| TA575 | TA575 | TA575 is a Dridex affiliate tracked by Proofpoint since late 2020. This group distributes malware such as Dridex, Qakbot, and WastedLocker via malicious URLs, … |
| TA575 | TA575 | TA575 is a Dridex affiliate tracked by Proofpoint since late 2020. This group distributes malware such as Dridex, Qakbot, and WastedLocker via malicious URLs, … |
| TA577 | TA577 | TA577 is a prolific cybercrime threat actor tracked by Proofpoint since mid-2020. This actor conducts broad targeting across various industries and geographies… |