Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,101–1,150 of 2,004 · page 23 of 41
| ID | Title | Summary |
|---|---|---|
| PINCHY SPIDER | PINCHY SPIDER | First observed in January 2018, GandCrab ransomware quickly began to proliferate and receive regular updates from its developer, PINCHY SPIDER, which over the … |
| PINCHY-SPIDER | PINCHY SPIDER | First observed in January 2018, GandCrab ransomware quickly began to proliferate and receive regular updates from its developer, PINCHY SPIDER, which over the … |
| Pink Sandstorm | Pink Sandstorm IR | Agonizing Serpens is an Iranian-linked APT group that has been active since 2020. They are known for their destructive wiper and fake-ransomware attacks, prima… |
| PINK-SANDSTORM | Pink Sandstorm | Agonizing Serpens is an Iranian-linked APT group that has been active since 2020. They are known for their destructive wiper and fake-ransomware attacks, prima… |
| PIZZO SPIDER | PIZZO SPIDER US | PIZZO SPIDER is an American-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as DD4BC, Ambiorx. Original record: … |
| PIZZO-SPIDER | PIZZO SPIDER | |
| PLATINUM | PLATINUM | PLATINUM has been targeting its victims since at least as early as 2009, and may have been active for several years prior. Its activities are distinctly differ… |
| PLATINUM | PLATINUM | PLATINUM has been targeting its victims since at least as early as 2009, and may have been active for several years prior. Its activities are distinctly differ… |
| PlushDaemon | PlushDaemon CN | PlushDaemon is a China-aligned APT group that has conducted cyberespionage operations against targets in China, Taiwan, Hong Kong, South Korea, the United Stat… |
| PLUSHDAEMON | PlushDaemon | PlushDaemon is a China-aligned APT group that has conducted cyberespionage operations against targets in China, Taiwan, Hong Kong, South Korea, the United Stat… |
| POISON CARP | POISON CARP | Between November 2018 and May 2019, senior members of Tibetan groups received malicious links in individually tailored WhatsApp text exchanges with operators p… |
| POISON-CARP | POISON CARP | Between November 2018 and May 2019, senior members of Tibetan groups received malicious links in individually tailored WhatsApp text exchanges with operators p… |
| PoisonSeed | PoisonSeed | PoisonSeed is a threat actor employing an MFA-resistant phishing kit to acquire credentials from individuals and organizations, primarily targeting email infra… |
| POISONSEED | PoisonSeed | PoisonSeed is a threat actor employing an MFA-resistant phishing kit to acquire credentials from individuals and organizations, primarily targeting email infra… |
| POISONUS PANDA | POISONUS PANDA CN | POISONUS PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: POISONUS PANDA is a Chinese-attributed threa… |
| POISONUS-PANDA | POISONUS PANDA | |
| POLONIUM | POLONIUM LB | Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intell… |
| POLONIUM | POLONIUM | Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intell… |
| Poseidon Group | Poseidon Group BR | Poseidon Group is a Portuguese-speaking threat group that has been active since at least 2005. The group has a history of using information exfiltrated from vi… |
| POSEIDON-GROUP | Poseidon Group | Poseidon Group is a Portuguese-speaking threat group that has been active since at least 2005. The group has a history of using information exfiltrated from vi… |
| PowerPool | PowerPool | Malware developers have started to use the zero-day exploit for the Task Scheduler component in Windows, two days after proof-of-concept code for the vulnerability… |
| POWERPOOL | PowerPool | Malware developers have started to use the zero-day exploit for the Task Scheduler component in Windows, two days after proof-of-concept code for the vulnerability… |
| PREDATOR PANDA | PREDATOR PANDA CN | PREDATOR PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: PREDATOR PANDA is a Chinese-attributed threa… |
| PREDATOR-PANDA | PREDATOR PANDA | |
| Predatory Sparrow | Predatory Sparrow | Predatory Sparrow is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Indra, Gonjeshke Darande. Operational targeting … |
| PREDATORY-SPARROW | Predatory Sparrow | A self-proclaimed hacktivist group that carried out attacks against Iranian railway systems and against Iranian steel plants. |
| ProCC | ProCC | ProCC is a threat actor targeting the hospitality sector with remote access Trojan malware. They use email attachments to exploit vulnerabilities like CVE-2017… |
| PROCC | ProCC | ProCC is a threat actor targeting the hospitality sector with remote access Trojan malware. They use email attachments to exploit vulnerabilities like CVE-2017… |
| ProjectSauron | ProjectSauron US | ProjectSauron is the name for a top level modular cyber-espionage platform, designed to enable and manage long-term campaigns through stealthy survival mechani… |
| PROJECTSAURON | ProjectSauron | ProjectSauron is the name for a top level modular cyber-espionage platform, designed to enable and manage long-term campaigns through stealthy survival mechani… |
| Prolific Puma | Prolific Puma | Prolific Puma provides an underground link shortening service to criminals. Infoblox states that during analysis, no legitimate content was observed being serv… |
| PROLIFIC-PUMA | Prolific Puma | Prolific Puma provides an underground link shortening service to criminals. Infoblox states that during analysis, no legitimate content was observed being serv… |
| PROMETHIUM | PROMETHIUM TR | PROMETHIUM is an activity group that has been active as early as 2012. The group primarily uses Truvasys, a first-stage malware that has been in circulation fo… |
| PROMETHIUM | PROMETHIUM | PROMETHIUM is an activity group that has been active as early as 2012. The group primarily uses Truvasys, a first-stage malware that has been in circulation fo… |
| Prophet Spider | Prophet Spider | PROPHET SPIDER is an eCrime actor, active since at least May 2017, that primarily gains access to victims by compromising vulnerable web servers, which commonl… |
| PROPHET-SPIDER | Prophet Spider | PROPHET SPIDER is an eCrime actor, active since at least May 2017, that primarily gains access to victims by compromising vulnerable web servers, which commonl… |
| puNK-003 | puNK-003 KP | puNK-003 is a North Korean APT group known for deploying the Lilith RAT, a sophisticated C++ remote access trojan, and its AutoIt variant, CURKON, which functi… |
| PUNK-003 | puNK-003 | puNK-003 is a North Korean APT group known for deploying the Lilith RAT, a sophisticated C++ remote access trojan, and its AutoIt variant, CURKON, which functi… |
| PurpleHaze | PurpleHaze CN | PurpleHaze is a China-nexus threat actor tracked by SentinelLABS, linked to APT15, known for targeting critical infrastructure sectors such as telecommunicatio… |
| PURPLEHAZE | PurpleHaze | PurpleHaze is a China-nexus threat actor tracked by SentinelLABS, linked to APT15, known for targeting critical infrastructure sectors such as telecommunicatio… |
| QUILTED TIGER | QUILTED TIGER IN | Dropping Elephant (also known as “Chinastrats” and “Patchwork”) is a relatively new threat actor that is targeting a variety of high profile diplomatic and eco… |
| QUILTED-TIGER | QUILTED TIGER | Dropping Elephant (also known as “Chinastrats” and “Patchwork”) is a relatively new threat actor that is targeting a variety of high profile diplomatic and eco… |
| R00tK1T | R00tK1T IL | R00TK1T is a hacking group known for sophisticated cyber attacks targeting governmental agencies in Malaysia, including data exfiltration from the National Pop… |
| R00TK1T | R00tK1T | R00TK1T is a hacking group known for sophisticated cyber attacks targeting governmental agencies in Malaysia, including data exfiltration from the National Pop… |
| RADIO PANDA | RADIO PANDA CN | RADIO PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Shrouded Crossbow. Original record:… |
| RADIO-PANDA | RADIO PANDA | |
| RaHDit | RaHDit RU | RaHDit is a pro-Kremlin hacktivist group known for orchestrating hack-and-leak operations, including the publication of personal information about Ukrainian mi… |
| RAHDIT | RaHDit | RaHDit is a pro-Kremlin hacktivist group known for orchestrating hack-and-leak operations, including the publication of personal information about Ukrainian mi… |
| RANCOR | RANCOR CN | The Rancor group’s attacks use two primary malware families which are named DDKONG and PLAINTEE. DDKONG is used throughout the campaign and PLAINTEE appears t… |
| RANCOR | RANCOR | The Rancor group’s attacks use two primary malware families which are named DDKONG and PLAINTEE. DDKONG is used throughout the campaign and PLAINTEE appears t… |