Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,151–1,200 of 2,004 · page 24 of 41
| ID | Title | Summary |
|---|---|---|
| RansomHouse | RansomHouse | This group started operating during the first quarter of 2022. They published samples of alleged stolen data from companies on their site on Tor. It is unclear… |
| RANSOMHOUSE | RansomHouse | This group started operating during the first quarter of 2022. They published samples of alleged stolen data from companies on their site on Tor. It is unclear… |
| RansomHub | RansomHub | RansomHub is a rapidly growing ransomware group believed to be an updated version of the older Knight ransomware. They have been linked to attacks exploiting t… |
| RANSOMHUB | RansomHub | RansomHub is a rapidly growing ransomware group believed to be an updated version of the older Knight ransomware. They have been linked to attacks exploiting t… |
| RansomVC | RansomVC | Ransomed.VC burst onto the scene with a well-orchestrated PR campaign, encompassing a clearnet site and multiple communication channels including Telegram and … |
| RANSOMVC | RansomVC | Ransomed.VC burst onto the scene with a well-orchestrated PR campaign, encompassing a clearnet site and multiple communication channels including Telegram and … |
| Raspberry Typhoon | Raspberry Typhoon CN | Microsoft has tracked Raspberry Typhoon (RADIUM) as the primary threat group targeting nations that ring the South China Sea. Raspberry Typhoon consistently ta… |
| RASPBERRY-TYPHOON | Raspberry Typhoon | Microsoft has tracked Raspberry Typhoon (RADIUM) as the primary threat group targeting nations that ring the South China Sea. Raspberry Typhoon consistently ta… |
| RASPITE | RASPITE | Dragos has identified a new activity group targeting access operations in the electric utility sector. We call this activity group RASPITE. Analysis of RASPIT… |
| RASPITE | RASPITE | Dragos has identified a new activity group targeting access operations in the electric utility sector. We call this activity group RASPITE. Analysis of RASPIT… |
| RATPAK SPIDER | RATPAK SPIDER | In July 2018, the source code of Pegasus, RATPAK SPIDER’s malware framework, was anonymously leaked. This malware has been linked to the targeting of Russia’s … |
| RATPAK-SPIDER | RATPAK SPIDER | In July 2018, the source code of Pegasus, RATPAK SPIDER’s malware framework, was anonymously leaked. This malware has been linked to the targeting of Russia’s … |
| RAZOR TIGER | RAZOR TIGER IN | An actor mainly targeting Pakistan military targets, active since at least 2012. We have low confidence that this malware might be authored by an Indian compan… |
| RAZOR-TIGER | RAZOR TIGER | An actor mainly targeting Pakistan military targets, active since at least 2012. We have low confidence that this malware might be authored by an Indian compan… |
| Rebel Jackal | Rebel Jackal TN | This is a pro-Islamist organization that generally conducts attacks motivated by real world events in which its members believe that members of the Muslim fait… |
| REBEL-JACKAL | Rebel Jackal | This is a pro-Islamist organization that generally conducts attacks motivated by real world events in which its members believe that members of the Muslim fait… |
| Reckless Rabbit | Reckless Rabbit | Reckless Rabbit lures victims into investment scams through malicious Facebook advertisements that lead to fake news articles with embedded web forms for perso… |
| RECKLESS-RABBIT | Reckless Rabbit | Reckless Rabbit lures victims into investment scams through malicious Facebook advertisements that lead to fake news articles with embedded web forms for perso… |
| Red Charon | Red Charon | Throughout 2019, multiple companies in the Taiwan high-tech ecosystem were victims of an advanced persistent threat (APT) attack. Due to these APT attacks havi… |
| RED-CHARON | Red Charon | Throughout 2019, multiple companies in the Taiwan high-tech ecosystem were victims of an advanced persistent threat (APT) attack. Due to these APT attacks havi… |
| Red Dev 17 | Red Dev 17 CN | In 2021, PwC started tracking a series of intrusions under the moniker of Red Dev 17 that they assess were highly likely conducted by a China-based threat acto… |
| RED-DEV-17 | Red Dev 17 | In 2021, PwC started tracking a series of intrusions under the moniker of Red Dev 17 that they assess were highly likely conducted by a China-based threat acto… |
| Red Menshen | Red Menshen CN | Since 2021, Red Menshen, a China-based threat actor, which has been observed targeting telecommunications providers across the Middle East and Asia, as well as… |
| RED-MENSHEN | Red Menshen | Since 2021, Red Menshen, a China-based threat actor, which has been observed targeting telecommunications providers across the Middle East and Asia, as well as… |
| Red Nue | Red Nue CN | Red Nue, active since at least 2017, is known for its use of the multi-platform LootRAT backdoor, also known as ReverseWindow. LootRAT has variants for Windows… |
| RED-NUE | Red Nue | Red Nue, active since at least 2017, is known for its use of the multi-platform LootRAT backdoor, also known as ReverseWindow. LootRAT has variants for Windows… |
| Red-Lili | Red-Lili | RED-LILI is an active threat actor that has been identified by Checkmarx SCS research team. They have been publishing malicious packages on NPM and PyPI platfo… |
| RED-LILI | Red-Lili | RED-LILI is an active threat actor that has been identified by Checkmarx SCS research team. They have been publishing malicious packages on NPM and PyPI platfo… |
| RedAlpha | RedAlpha | Recorded Future’s Insikt Group has identified two new cyberespionage campaigns targeting the Tibetan Community over the past two years. The campaigns, which we… |
| REDALPHA | RedAlpha | Recorded Future’s Insikt Group has identified two new cyberespionage campaigns targeting the Tibetan Community over the past two years. The campaigns, which we… |
| RedDelta | RedDelta | Likely Chinese state-sponsored threat activity group RedDelta targeting organizations within Europe and Southeast Asia using a customized variant of the PlugX … |
| REDDELTA | RedDelta | Likely Chinese state-sponsored threat activity group RedDelta targeting organizations within Europe and Southeast Asia using a customized variant of the PlugX … |
| RedEcho | RedEcho | RedEcho is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: RedEcho: The group made heavy use of AXIOMATICASYMPTOTE — a term we us… |
| REDECHO | RedEcho | RedEcho: The group made heavy use of AXIOMATICASYMPTOTE — a term we use to track infrastructure that comprises ShadowPad C2s, which is shared between several C… |
| Redfly | Redfly | Redfly hacked a national electricity grid organization in Asia and maintained persistent access to the network for about six months. Researchers discovered evi… |
| REDFLY | Redfly | Redfly hacked a national electricity grid organization in Asia and maintained persistent access to the network for about six months. Researchers discovered evi… |
| RedGolf | RedGolf CN | Recorded Future’s Insikt Group has identified a large cluster of new operational infrastructure associated with use of the custom Windows and Linux backdoor KE… |
| REDGOLF | RedGolf | Recorded Future’s Insikt Group has identified a large cluster of new operational infrastructure associated with use of the custom Windows and Linux backdoor KE… |
| RedJuliett | RedJuliett CN | RedJuliett is a likely Chinese state-sponsored threat actor targeting government, academic, technology, and diplomatic organizations in Taiwan. They exploit vu… |
| REDJULIETT | RedJuliett | RedJuliett is a likely Chinese state-sponsored threat actor targeting government, academic, technology, and diplomatic organizations in Taiwan. They exploit vu… |
| RedKitten | RedKitten | RedKitten is a campaign targeting Iranian interests, particularly NGOs and individuals documenting human rights abuses, first observed in January 2026. The mal… |
| REDKITTEN | RedKitten | RedKitten is a campaign targeting Iranian interests, particularly NGOs and individuals documenting human rights abuses, first observed in January 2026. The mal… |
| RedStinger | RedStinger | In October 2022, Kaspersky identified an active infection of government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crim… |
| REDSTINGER | RedStinger | In October 2022, Kaspersky identified an active infection of government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crim… |
| REF2924 | REF2924 CN | A group monitored as REF2924 by Elastic Security Labs is wielding novel data-stealing malware — an HTTP listener written in C# dubbed Naplistener by the resear… |
| REF2924 | REF2924 | A group monitored as REF2924 by Elastic Security Labs is wielding novel data-stealing malware — an HTTP listener written in C# dubbed Naplistener by the resear… |
| REF5961 | REF5961 | Elastic's security team has published a report on REF5961, a cyber-espionage group they found on the network of a Foreign Affairs Ministry from a member of the… |
| REF5961 | REF5961 | Elastic's security team has published a report on REF5961, a cyber-espionage group they found on the network of a Foreign Affairs Ministry from a member of the… |
| REF7707 | REF7707 CN | REF7707 is a cyber campaign targeting government entities, particularly a foreign ministry in South America, utilizing malware families such as FinalDraft, Gui… |
| REF7707 | REF7707 | REF7707 is a cyber campaign targeting government entities, particularly a foreign ministry in South America, utilizing malware families such as FinalDraft, Gui… |