Threat actors
2,004 threat-actor records from MISP-Galaxy v341. Filter by attributed country; for country, sector and MITRE-Group facets, see /explore/actors. Authored by Adam Lundqvist.
Showing 651–700 of 2,004 · page 14 of 41
| ID | Title | Summary |
|---|---|---|
| GOLD GALLEON | GOLD GALLEON | GOLD GALLEON is a financially motivated cybercriminal threat group comprised of at least 20 criminal associates that collectively carry out business email comp… |
| GOLD-GALLEON | GOLD GALLEON | GOLD GALLEON is a financially motivated cybercriminal threat group comprised of at least 20 criminal associates that collectively carry out business email comp… |
| GOLD GARDEN | GOLD GARDEN | GOLD GARDEN was a financially motivated cybercriminal threat group that authored and operated the GandCrab ransomware from January 2018 through May 2019. GandC… |
| GOLD-GARDEN | GOLD GARDEN | GOLD GARDEN was a financially motivated cybercriminal threat group that authored and operated the GandCrab ransomware from January 2018 through May 2019. GandC… |
| GOLD MANSARD | GOLD MANSARD | GOLD MANSARD is a financially motivated cybercriminal threat group that operated the Nemty ransomware from August 2019. The threat actor behind Nemty is known … |
| GOLD-MANSARD | GOLD MANSARD | GOLD MANSARD is a financially motivated cybercriminal threat group that operated the Nemty ransomware from August 2019. The threat actor behind Nemty is known … |
| GOLD NORTHFIELD | GOLD NORTHFIELD | Operational since at least October 2020, GOLD NORTHFIELD is a financially motivated cybercriminal threat group that leverages GOLD SOUTHFIELD's REvil ransomwar… |
| GOLD-NORTHFIELD | GOLD NORTHFIELD | Operational since at least October 2020, GOLD NORTHFIELD is a financially motivated cybercriminal threat group that leverages GOLD SOUTHFIELD's REvil ransomwar… |
| GOLD PRELUDE | GOLD PRELUDE | GOLD PRELUDE is a financially motivated cybercriminal threat group that operates the SocGholish (aka FAKEUPDATES) malware distribution network. GOLD PRELUDE op… |
| GOLD-PRELUDE | GOLD PRELUDE | GOLD PRELUDE is a financially motivated cybercriminal threat group that operates the SocGholish (aka FAKEUPDATES) malware distribution network. GOLD PRELUDE op… |
| GOLD REBELLION | GOLD REBELLION | GOLD REBELLION is a financially motivated cybercriminal threat group that operates the Black Basta name-and-shame ransomware. The group posted its first victim… |
| GOLD-REBELLION | GOLD REBELLION | GOLD REBELLION is a financially motivated cybercriminal threat group that operates the Black Basta name-and-shame ransomware. The group posted its first victim… |
| GOLD RIVERVIEW | GOLD RIVERVIEW | GOLD RIVERVIEW was a financially motivated cybercriminal group that facilitated the distribution of malware- and scam-laden spam email on behalf of its custome… |
| GOLD-RIVERVIEW | GOLD RIVERVIEW | GOLD RIVERVIEW was a financially motivated cybercriminal group that facilitated the distribution of malware- and scam-laden spam email on behalf of its custome… |
| GOLD SKYLINE | GOLD SKYLINE | GOLD SKYLINE is a financially motivated cybercriminal threat group operating from Nigeria engaged in high-value wire fraud facilitated by business email compro… |
| GOLD-SKYLINE | GOLD SKYLINE | GOLD SKYLINE is a financially motivated cybercriminal threat group operating from Nigeria engaged in high-value wire fraud facilitated by business email compro… |
| GOLD SOUTHFIELD | GOLD SOUTHFIELD | GOLD SOUTHFIELD is a financially motivated cybercriminal threat group that authors and operates the REvil (aka Sodinokibi) ransomware on behalf of various affi… |
| GOLD-SOUTHFIELD | GOLD SOUTHFIELD | GOLD SOUTHFIELD is a financially motivated cybercriminal threat group that authors and operates the REvil (aka Sodinokibi) ransomware on behalf of various affi… |
| GOLD SYMPHONY | GOLD SYMPHONY | GOLD SYMPHONY is a financially motivated cybercrime group, likely based in Russia, that is responsible for the development and sale on underground forums of th… |
| GOLD-SYMPHONY | GOLD SYMPHONY | GOLD SYMPHONY is a financially motivated cybercrime group, likely based in Russia, that is responsible for the development and sale on underground forums of th… |
| GOLD WATERFALL | GOLD WATERFALL | GOLD WATERFALL is a group of financially motivated cybercriminals responsible for the creation, distribution, and operation of the Darkside ransomware. Active … |
| GOLD-WATERFALL | GOLD WATERFALL | GOLD WATERFALL is a group of financially motivated cybercriminals responsible for the creation, distribution, and operation of the Darkside ransomware. Active … |
| GOLD WINTER | GOLD WINTER | GOLD WINTER are a financially motivated group, likely based in Russia, who operate the Hades ransomware. Hades activity was first identified in December 2020 a… |
| GOLD-WINTER | GOLD WINTER | GOLD WINTER are a financially motivated group, likely based in Russia, who operate the Hades ransomware. Hades activity was first identified in December 2020 a… |
| GoldenJackal | GoldenJackal | GoldenJackal activity is characterized by the use of compromised WordPress websites as a method to host C2-related logic. Kaspersky believes the attackers uplo… |
| GOLDENJACKAL | GoldenJackal | GoldenJackal activity is characterized by the use of compromised WordPress websites as a method to host C2-related logic. Kaspersky believes the attackers uplo… |
| GoldFactory | GoldFactory CN | GoldFactory is a threat actor group attributed to developing sophisticated mobile banking malware targeting victims primarily in the Asia-Pacific region, speci… |
| GOLDFACTORY | GoldFactory | GoldFactory is a threat actor group attributed to developing sophisticated mobile banking malware targeting victims primarily in the Asia-Pacific region, speci… |
| GopherWhisper | GopherWhisper CN | GopherWhisper is a China-aligned APT that routes C2 traffic through legitimate enterprise platforms like Slack, Discord, and Microsoft 365 Outlook to evade det… |
| GOPHERWHISPER | GopherWhisper | GopherWhisper is a China-aligned APT that routes C2 traffic through legitimate enterprise platforms like Slack, Discord, and Microsoft 365 Outlook to evade det… |
| Gorilla | Gorilla | Gorilla is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Gorilla is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341)… |
| GORILLA | Gorilla | Gorilla is a threat actor operating a DoS-as-a-service offering controlled on Telegram. |
| GozNym | GozNym | IBM X-Force Research uncovered a Trojan hybrid spawned from the Nymaim and Gozi ISFB malware. It appears that the operators of Nymaim have recompiled its sourc… |
| GOZNYM | GozNym | IBM X-Force Research uncovered a Trojan hybrid spawned from the Nymaim and Gozi ISFB malware. It appears that the operators of Nymaim have recompiled its sourc… |
| Gray Sandstorm | Gray Sandstorm IR | Gray Sandstorm is an Iran-linked threat actor that has been active since at least 2012. They have targeted defense technology companies, maritime transportatio… |
| GRAY-SANDSTORM | Gray Sandstorm | Gray Sandstorm is an Iran-linked threat actor that has been active since at least 2012. They have targeted defense technology companies, maritime transportatio… |
| GrayBravo | GrayBravo | TAG-150, also known as GrayBravo, is a sophisticated threat actor responsible for developing multiple custom malware families, including CastleLoader and Castl… |
| GRAYBRAVO | GrayBravo | TAG-150, also known as GrayBravo, is a sophisticated threat actor responsible for developing multiple custom malware families, including CastleLoader and Castl… |
| GrayCharlie | GrayCharlie | GrayCharlie is a threat actor that compromises WordPress sites to inject malicious JavaScript, redirecting visitors to NetSupport RAT payloads via fake browser… |
| GRAYCHARLIE | GrayCharlie | GrayCharlie is a threat actor that compromises WordPress sites to inject malicious JavaScript, redirecting visitors to NetSupport RAT payloads via fake browser… |
| Grayling | Grayling CN | Grayling activity was first observed in early 2023, when a number of victims were identified with distinctive malicious DLL side-loading activity. Grayling app… |
| GRAYLING | Grayling | Grayling activity was first observed in early 2023, when a number of victims were identified with distinctive malicious DLL side-loading activity. Grayling app… |
| GreedyBear | GreedyBear RU | GreedyBear is a sophisticated threat actor responsible for over $1 million in cryptocurrency theft through a campaign involving 150 malicious Firefox extension… |
| GREEDYBEAR | GreedyBear | GreedyBear is a sophisticated threat actor responsible for over $1 million in cryptocurrency theft through a campaign involving 150 malicious Firefox extension… |
| Greenbug | Greenbug IR | Greenbug is an Iranian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Greenbug was discovered targeting a range of organ… |
| GREENBUG | Greenbug | Greenbug was discovered targeting a range of organizations in the Middle East including companies in the aviation, energy, government, investment, and educatio… |
| GreenSpot | GreenSpot TW | GreenSpot is an APT group believed to operate from Taiwan, active since at least 2007, primarily targeting government, academic, and military entities in China… |
| GREENSPOT | GreenSpot | GreenSpot is an APT group believed to operate from Taiwan, active since at least 2007, primarily targeting government, academic, and military entities in China… |
| GREF | GREF CN | GREF is a China-aligned APT group that has been active since at least March 2017. They are known for using custom backdoors, loaders, and ancillary tools in th… |
| GREF | GREF | GREF is a China-aligned APT group that has been active since at least March 2017. They are known for using custom backdoors, loaders, and ancillary tools in th… |