2,004 indexed
ACTORSThreat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 901–950 of 2,004 · page 19 of 41
| ID | Title | Summary |
|---|---|---|
| LYCEUM | LYCEUM | Lyceum is an Iranian APT group that has been active since at least 2014. They primarily target Middle Eastern governments and organizations in the energy and t… |
| Madi | Madi IR | Kaspersky Lab and Seculert worked together to sinkhole the Madi Command & Control (C&C) servers to monitor the campaign. Kaspersky Lab and Seculert identified … |
| MADI | Madi | Kaspersky Lab and Seculert worked together to sinkhole the Madi Command & Control (C&C) servers to monitor the campaign. Kaspersky Lab and Seculert identified … |
| MageCart | MageCart | MageCart is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Digital threat management company RiskIQ tracks the activity of MageC… |
| MAGECART | MageCart | Digital threat management company RiskIQ tracks the activity of MageCart group and reported their use of web-based card skimmers since 2016. |
| Magic Kitten | Magic Kitten IR | Earliest activity back to November 2008. An established group of cyber attackers based in Iran, who carried on several campaigns in 2013, including a series of… |
| MAGIC-KITTEN | Magic Kitten | Earliest activity back to November 2008. An established group of cyber attackers based in Iran, who carried on several campaigns in 2013, including a series of… |
| MAGNETIC SPIDER | MAGNETIC SPIDER RU | MAGNETIC SPIDER is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: MAGNETIC SPIDER is a Russian-attributed thr… |
| MAGNETIC-SPIDER | MAGNETIC SPIDER | |
| MalKamak | MalKamak IR | MalKamak is an Iranian threat actor that has been operating since at least 2018. They have been involved in highly targeted cyber espionage campaigns against g… |
| MALKAMAK | MalKamak | MalKamak is an Iranian threat actor that has been operating since at least 2018. They have been involved in highly targeted cyber espionage campaigns against g… |
| MALLARD SPIDER | MALLARD SPIDER | MALLARD SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as GOLD LAGOON. Original record: Crowdstrike tarcks th… |
| MALLARD-SPIDER | MALLARD SPIDER | Crowdstrike tarcks the operators behind the Qbot as MALLARD SPIDER |
| Malsmoke | Malsmoke | Malsmoke primarily targets Japanese users through malvertising campaigns that deliver Zloader malware, often leveraging adult content lures and geographic IP i… |
| MALSMOKE | Malsmoke | Malsmoke primarily targets Japanese users through malvertising campaigns that deliver Zloader malware, often leveraging adult content lures and geographic IP i… |
| Malteiro | Malteiro | Malteiro is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: This group of cybercriminals is named Malteiroby SCILabs, they operat… |
| MALTEIRO | Malteiro | This group of cybercriminals is named Malteiroby SCILabs, they operate and distribute the URSA/Mispadu banking trojan. |
| Mana Team | Mana Team CN | Mana Team is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Mana Team is a Chinese-attributed threat actor ca… |
| MANA-TEAM | Mana Team | |
| Markopolo | Markopolo | Markopolo is a threat actor known for running scams targeting cryptocurrency users through a fake app called Vortax. They use social media and a dedicated blog… |
| MARKOPOLO | Markopolo | Markopolo is a threat actor known for running scams targeting cryptocurrency users through a fake app called Vortax. They use social media and a dedicated blog… |
| Massgrave | Massgrave | Massgrave is a hacking group that has developed a method to bypass Microsoft's software licensing for Windows and Office, enabling permanent activation of vers… |
| MASSGRAVE | Massgrave | Massgrave is a hacking group that has developed a method to bypass Microsoft's software licensing for Windows and Office, enabling permanent activation of vers… |
| Metador | Metador | Metador primarily targets telecommunications, internet service providers, and universities in several countries in the Middle East and Africa. Metador’s attack… |
| METADOR | Metador | Metador primarily targets telecommunications, internet service providers, and universities in several countries in the Middle East and Africa. Metador’s attack… |
| MIMIC SPIDER | MIMIC SPIDER | MIMIC SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: MIMIC SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Ga… |
| MIMIC-SPIDER | MIMIC SPIDER | MIMIC SPIDER is mentioned in two summary reports only |
| Mirage Tiger | Mirage Tiger | Mirage Tiger is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Documented victim organisations include Germany. Original record: Mirage Tiger is … |
| MIRAGE-TIGER | Mirage Tiger | |
| MirrorFace | MirrorFace CN | MirrorFace is a Chinese-speaking advanced persistent threat group that has been targeting high-value organizations in Japan, including media, government, diplo… |
| MIRRORFACE | MirrorFace | MirrorFace is a Chinese-speaking advanced persistent threat group that has been targeting high-value organizations in Japan, including media, government, diplo… |
| Mocha Manakin | Mocha Manakin | Mocha Manakin is a threat actor that employs the paste and run technique for initial access, tricking users into executing scripts that download various payloa… |
| MOCHA-MANAKIN | Mocha Manakin | Mocha Manakin is a threat actor that employs the paste and run technique for initial access, tricking users into executing scripts that download various payloa… |
| ModifiedElephant | ModifiedElephant | Our research into these intrusions revealed a decade of persistent malicious activity targeting specific groups and individuals that we now attribute to a prev… |
| MODIFIEDELEPHANT | ModifiedElephant | Our research into these intrusions revealed a decade of persistent malicious activity targeting specific groups and individuals that we now attribute to a prev… |
| Mofang | Mofang CN | Mofang is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Superman, BRONZE WALKER. Operational tar… |
| MOFANG | Mofang | |
| Mogilevich | Mogilevich | Mogilevich is a ransomware group known for claiming to breach organizations like Epic Games and Ireland's Department of Foreign Affairs, offering stolen data f… |
| MOGILEVICH | Mogilevich | Mogilevich is a ransomware group known for claiming to breach organizations like Epic Games and Ireland's Department of Foreign Affairs, offering stolen data f… |
| Molatori | Molatori | Molatori is a threat actor group identified by Malwarebytes researchers, known for utilizing malicious ScreenConnect clients hosted on domains like atmolatori.… |
| MOLATORI | Molatori | Molatori is a threat actor group identified by Malwarebytes researchers, known for utilizing malicious ScreenConnect clients hosted on domains like atmolatori.… |
| Molerats | Molerats PS | In October 2012, malware attacks against Israeli government targets grabbed media attention as officials temporarily cut off Internet access for its entire pol… |
| MOLERATS | Molerats | In October 2012, malware attacks against Israeli government targets grabbed media attention as officials temporarily cut off Internet access for its entire pol… |
| MoneyTaker | MoneyTaker | In less than two years, this group has conducted over 20 successful attacks on financial institutions and legal firms in the USA, UK and Russia. The group has … |
| MONEYTAKER | MoneyTaker | In less than two years, this group has conducted over 20 successful attacks on financial institutions and legal firms in the USA, UK and Russia. The group has … |
| MONTY SPIDER | MONTY SPIDER | MONTY SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Spandex Tempest. Original record: Spambots continued … |
| MONTY-SPIDER | MONTY SPIDER | Spambots continued to decline in 2019, with MONTY SPIDER’s CraP2P spambot falling silent in April. |
| Mora_001 | Mora_001 RU | Mora_001 is a threat actor exhibiting a distinct operational signature that combines opportunistic attacks with ties to the LockBit ecosystem. The actor has be… |
| MORA-001 | Mora_001 | Mora_001 is a threat actor exhibiting a distinct operational signature that combines opportunistic attacks with ties to the LockBit ecosystem. The actor has be… |
| MORH4x | MORH4x MA | MORH4x is a self-proclaimed Moroccan hacking group that claimed responsibility for a data leak from Algeria's pharmaceutical industry ministry. The group annou… |