Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,201–1,250 of 1,546 in Other · page 25 of 31
| ID | Title | Summary |
|---|---|---|
| TA578 | TA578 | TA578, a threat actor that Proofpoint researchers have been tracking since May of 2020. TA578 has previously been observed in email-based campaigns delivering … |
| TA579 | TA579 | TA579 is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: TA579, a threat actor that Proofpoint researchers have been tracking sin… |
| TA579 | TA579 | TA579, a threat actor that Proofpoint researchers have been tracking since August 2021. This actor frequently delivered BazaLoader and IcedID in past campaigns. |
| TA584 | TA584 | TA584 is a prominent initial access broker tracked by Proofpoint since November 2020, known for its high-volume campaigns targeting organizations globally. The… |
| TA800 | TA800 | This attacker is an affiliate distributor of The Trick, also known as Trickbot, and BazaLoader. (For more on how affiliates work, see the description of TA… |
| TA829 | TA829 | TA829 is a Russia-aligned threat actor that employs the RomCom RAT for intelligence-gathering and financially motivated cyberattacks, exploiting zero-day vulne… |
| TA866 | TA866 | According to Proofpoint, TA866 is a newly identified threat actor that distributes malware via email utilizing both commodity and custom tools. While most of t… |
| TAG-112 | TAG-112 | TAG-112 is a Chinese state-sponsored APT that compromised Tibetan websites, including Tibet Post and Gyudmed Tantric University, to deliver Cobalt Strike malwa… |
| TAG-124 | TAG-124 | TAG-124 is a threat actor that employs a traffic distribution system to distribute malware, primarily using MintsLoader and targeting various sectors through p… |
| TAG-140 | TAG-140 | TAG-140 is a threat actor group that primarily targets Indian government entities, employing cyber espionage tactics such as phishing and malware campaigns. Th… |
| TAG-28 | TAG-28 | TAG-28 is a Chinese state-sponsored threat actor that has been targeting Indian organizations, including media conglomerates and government agencies. They have… |
| TAG-56 | TAG-56 | TAG-56 is a threat actor group that shares similarities with the APT42 group. They use tactics such as fake registration pages and spearphishing to target vict… |
| Taidoor | Taidoor | The Taidoor attackers have been actively engaging in targeted attacks since at least March 4, 2009. Despite some exceptions, the Taidoor campaign often used Ta… |
| TAIDOOR | Taidoor | The Taidoor attackers have been actively engaging in targeted attacks since at least March 4, 2009. Despite some exceptions, the Taidoor campaign often used Ta… |
| TASKMASTERS | TaskMasters | TaskMasters is a state-sponsored Chinese APT that has been active since at least 2010, primarily targeting industrial, energy, and government sectors in Russia… |
| Team-Xecuter | Team-Xecuter | Team-Xecuter is a hacking group led by Gary Bowser, also known as GaryOPA. They were involved in a piracy conspiracy against Nintendo, creating and selling ill… |
| TEAM-XECUTER | Team-Xecuter | Team-Xecuter is a hacking group led by Gary Bowser, also known as GaryOPA. They were involved in a piracy conspiracy against Nintendo, creating and selling ill… |
| Team46 | Team46 | Team46 is a sophisticated APT group active since at least late 2024, targeting Russian government, academic, and media organizations through spearphishing emai… |
| TEAM46 | Team46 | Team46 is a sophisticated APT group active since at least late 2024, targeting Russian government, academic, and media organizations through spearphishing emai… |
| TeamPCP | TeamPCP | TeamPCP is a threat actor that has executed a coordinated series of supply chain attacks, compromising widely-used open source tools such as Trivy, KICS, and L… |
| TEAMPCP | TeamPCP | TeamPCP is a threat actor that has executed a coordinated series of supply chain attacks, compromising widely-used open source tools such as Trivy, KICS, and L… |
| TEAMSPY-CREW | TeamSpy Crew | Researchers have uncovered a long-term cyber-espionage campaign that used a combination of legitimate software packages and commodity malware tools to target a… |
| TeamTNT | TeamTNT | In early February 2021, TeamTNT launched a new campaign against Docker and Kubernetes environments. Using a collection of container images that are hosted in Do… |
| TEAMTNT | TeamTNT | In early February 2021, TeamTNT launched a new campaign against Docker and Kubernetes environments. Using a collection of container images that are hosted in Do… |
| TeamXRat | TeamXRat | TeamXRat is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as CorporacaoXRat, CorporationXRat. Original record: TeamXRa… |
| TEAMXRAT | TeamXRat | |
| TELEBOYI | Teleboyi | Teleboyi is a threat actor reportedly based in China, associated with the PlugX RAT. TeamT5 identified a custom PlugX loader used by Teleboyi that employs a si… |
| TEMP-HERETIC | TEMP_Heretic | TEMP_Heretic is a threat actor that has been observed engaging in targeted spear-phishing campaigns. They exploit vulnerabilities in email platforms, such as Z… |
| TEMP-HERMIT | TEMP.Hermit | |
| TEMP.Veles | TEMP.Veles | TEMP.Veles is a Russia-based threat group that has targeted critical infrastructure. The group has been observed utilizing TRITON, a malware framework designed… |
| TEMP-VELES | TEMP.Veles | TEMP.Veles is a Russia-based threat group that has targeted critical infrastructure. The group has been observed utilizing TRITON, a malware framework designed… |
| TEMPER-PANDA | TEMPER PANDA | China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and has primarily targeted organizations involved in finan… |
| TEMPTICK | TempTick | This threat actor targets organizations in the finance, defense, aerospace, technology, health-care, and automotive sectors and media organizations in East Asi… |
| TERBIUM | TERBIUM | Microsoft Threat Intelligence identified similarities between this recent attack and previous 2012 attacks against tens of thousands of computers belonging to … |
| TEST-PANDA | TEST PANDA | |
| TetrisPhantom | TetrisPhantom | TetrisPhantom relies on compromising a certain type of secure USB drive that provides hardware encryption and is commonly used by government organizations. Wh… |
| TETRISPHANTOM | TetrisPhantom | TetrisPhantom relies on compromising a certain type of secure USB drive that provides hardware encryption and is commonly used by government organizations. Wh… |
| The Big Bang | The Big Bang | While it is not clear exactly what the attacker is looking for, what is clear is that once he finds it, a second stage of the attack awaits, fetching additiona… |
| THE-BIG-BANG | The Big Bang | While it is not clear exactly what the attacker is looking for, what is clear is that once he finds it, a second stage of the attack awaits, fetching additiona… |
| The Gentlemen | The Gentlemen | The Gentlemen is a ransomware group that employs a dual-extortion strategy, encrypting sensitive files while exfiltrating critical business data to pressure vi… |
| THE-GENTLEMEN | The Gentlemen | The Gentlemen is a ransomware group that employs a dual-extortion strategy, encrypting sensitive files while exfiltrating critical business data to pressure vi… |
| The Gorgon Group | The Gorgon Group | Unit 42 researchers have been tracking Subaat, an attacker, since 2017. Recently Subaat drew our attention due to renewed targeted attack activity. Part of mon… |
| THE-GORGON-GROUP | The Gorgon Group | Unit 42 researchers have been tracking Subaat, an attacker, since 2017. Recently Subaat drew our attention due to renewed targeted attack activity. Part of mon… |
| The Shadow Brokers | The Shadow Brokers | The Shadow Brokers (TSB) is a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools from the National Se… |