Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 301–350 of 1,546 in Other · page 7 of 31
| ID | Title | Summary |
|---|---|---|
| DarkSpectre | DarkSpectre | |
| DARKSPECTRE | DarkSpectre | |
| DarkVishnya | DarkVishnya | Dubbed DarkVishnya, the attacks targeted at least eight banks using readily-available gear such as netbooks or inexpensive laptops, Raspberry Pi mini-computers… |
| DARKVISHNYA | DarkVishnya | Dubbed DarkVishnya, the attacks targeted at least eight banks using readily-available gear such as netbooks or inexpensive laptops, Raspberry Pi mini-computers… |
| DEADEYE-JACKAL | Deadeye Jackal | The Syrian Electronic Army (SEA) is a group of computer hackers which first surfaced online in 2011 to support the government of Syrian President Bashar al-Ass… |
| DefrayX | DefrayX | DefrayX is a threat actor group known for their RansomExx ransomware operations. They primarily target Linux operating systems, but also release versions for W… |
| DEFRAYX | DefrayX | DefrayX is a threat actor group known for their RansomExx ransomware operations. They primarily target Linux operating systems, but also release versions for W… |
| DENIM-TSUNAMI | Denim Tsunami | Denim Tsunami is a threat actor group that has been involved in targeted attacks against European and Central American customers. They have been observed using… |
| Desorden Group | Desorden Group | Desorden (Disorder in Spanish, previously known as ChaosCC), is a financially motivated hacker group. The group first emerged under the new name Desorden in Se… |
| DESORDEN-GROUP | Desorden Group | Desorden (Disorder in Spanish, previously known as ChaosCC), is a financially motivated hacker group. The group first emerged under the new name Desorden in Se… |
| DEV-0147 | DEV-0147 | DEV-0147 is a China-based cyber espionage actor that was observed compromising diplomatic targets in South America, a notable expansion of the group's data exfiltra… |
| DEV-0270 | DEV-0270 | Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a s… |
| DEV-0569 | DEV-0569 | DEV-0569, also known as Storm-0569, is a threat actor group that has been observed deploying the Royal ransomware. They utilize malicious ads and phishing tech… |
| DEV-0586 | DEV-0586 | MSTIC has not found any notable associations between this observed activity, tracked as DEV-0586, and other known activity groups. MSTIC assesses that the malw… |
| DEV-0928 | DEV-0928 | DEV-0928 is a threat actor that has been tracked by Microsoft since September 2022. They are known for their involvement in high-volume phishing campaigns, usi… |
| DEV-0950 | DEV-0950 | Lace Tempest, also known as DEV-0950, is a threat actor that exploited vulnerabilities in software such as SysAid and PaperCut to gain unauthorized access to s… |
| DEV-1028 | DEV-1028 | DEV-1028 is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Microsoft reported on MCCrash, an IoT botnet operated by the DEV-1028… |
| DEV-1028 | DEV-1028 | Microsoft reported on MCCrash, an IoT botnet operated by the DEV-1028 threat actor and used to launch DDoS attacks against private Minecraft servers. |
| DEXTOROUS SPIDER | DEXTOROUS SPIDER | |
| DEXTOROUS-SPIDER | DEXTOROUS SPIDER | |
| DICEYF | DiceyF | DiceyF is an advanced persistent threat group that has been targeting online casinos and other victims in Southeast Asia for an extended period. They have exhi… |
| DieNet | DieNet | DieNet is a hacktivist group that emerged in March 2025, known for conducting DDoS attacks targeting entities associated with political figures, such as Trump … |
| DIENET | DieNet | DieNet is a hacktivist group that emerged in March 2025, known for conducting DDoS attacks targeting entities associated with political figures, such as Trump … |
| DIZZY PANDA | DIZZY PANDA | DIZZY PANDA is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as LadyBoyle. Original record: DIZZY PANDA is a threat ac… |
| DIZZY-PANDA | DIZZY PANDA | |
| DNSpionage | DNSpionage | Cisco Talos recently discovered a new campaign targeting Lebanon and the United Arab Emirates (UAE) affecting .gov domains, as well as a private Lebanese airli… |
| DNSPIONAGE | DNSpionage | Cisco Talos recently discovered a new campaign targeting Lebanon and the United Arab Emirates (UAE) affecting .gov domains, as well as a private Lebanese airli… |
| DOMESTIC-KITTEN | Domestic Kitten | An extensive surveillance operation targets specific groups of individuals with malicious mobile apps that collect sensitive information on the device along wi… |
| DOPPEL SPIDER | DOPPEL SPIDER | In June 2019, CrowdStrike Intelligence observed a source code fork of BitPaymer and began tracking the new ransomware strain as DoppelPaymer. Further technical… |
| DOPPEL-SPIDER | DOPPEL SPIDER | In June 2019, CrowdStrike Intelligence observed a source code fork of BitPaymer and began tracking the new ransomware strain as DoppelPaymer. Further technical… |
| DragonBreath | DragonBreath | Golden Eye Dog targets Chinese-speaking users engaged in online gambling, employing techniques such as SERP poisoning, social engineering, and DDoS attacks. Th… |
| DRAGONBREATH | DragonBreath | Golden Eye Dog targets Chinese-speaking users engaged in online gambling, employing techniques such as SERP poisoning, social engineering, and DDoS attacks. Th… |
| DRAGONBRIDGE | Dragonbridge | DRAGONBRIDGE is a Chinese state-sponsored threat actor known for engaging in information operations to promote the political interests of the People's Republic… |
| DRAGONFORCE | DragonForce | DragonForce is a hacktivist group based in Malaysia that has been involved in cyberattacks targeting government institutions and commercial organizations in In… |
| DRAGONOK | DragonOK | Threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, DragonOK is thought to hav… |
| DragonRank | DragonRank | DragonRank is a threat actor primarily targeting web application services in Asia and Europe, utilizing TTPs associated with Simplified Chinese-speaking hackin… |
| DRAGONRANK | DragonRank | DragonRank is a threat actor primarily targeting web application services in Asia and Europe, utilizing TTPs associated with Simplified Chinese-speaking hackin… |
| DRAGONSPARK | DragonSpark | DragonSpark is a threat actor that has been conducting attacks primarily targeting organizations in East Asia. They utilize the open-source tool SparkRAT, whic… |
| DRIFTINGCLOUD | DriftingCloud | DriftingCloud is a persistent threat actor known for targeting various industries and locations. They are skilled at developing or acquiring zero-day exploits … |
| DRIVESURGE | DriveSurge | DriveSurge compromises legitimate websites to inject scripts that route visitors through zTDS, leading them to fake browser updates and ClickFix-style prompts.… |
| DUNGEON SPIDER | DUNGEON SPIDER | DUNGEON SPIDER is a criminal group operating the ransomware most commonly known as Locky, which has been active since February 2016 and was last observed in la… |
| DUNGEON-SPIDER | DUNGEON SPIDER | DUNGEON SPIDER is a criminal group operating the ransomware most commonly known as Locky, which has been active since February 2016 and was last observed in la… |
| Dust Storm | Dust Storm | Dust Storm is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as G0031. Original record: Threat actors behind the Operat… |
| DUST-STORM | Dust Storm | Threat actors behind the Operation Dust Storm have been active since at least 2010. The hackers targeted several organizations in Japan, South Korea, the US, E… |
| DUSTSQUAD | DustSquad | Prodaft researchers have published a report on Paperbug, a cyber-espionage campaign carried out by suspected Russian-speaking group Nomadic Octopus and which t… |
| EARTH-ALUX | Earth Alux | Earth Alux is a China-linked APT group known for conducting cyberespionage attacks across various sectors, including government, technology, and telecommunicat… |
| EARTH-BAXIA | Earth Baxia | Earth Baxia is a threat actor operating out of China, targeting government organizations in Taiwan and potentially across the APAC region, using spear-phishing… |