2,004 indexed
ACTORSThreat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,501–1,550 of 2,004 · page 31 of 41
| ID | Title | Summary |
|---|---|---|
| TA2725 | TA2725 | TA2725 is a threat actor that has been tracked since March 2022. They primarily target organizations in Brazil and Mexico using Brazilian banking malware and p… |
| TA2725 | TA2725 | TA2725 is a threat actor that has been tracked since March 2022. They primarily target organizations in Brazil and Mexico using Brazilian banking malware and p… |
| TA402 | TA402 PS | TA402 is an APT group that has been tracked by Proofpoint since 2020. They primarily target government entities in the Middle East and North Africa, with a fo… |
| TA402 | TA402 | TA402 is an APT group that has been tracked by Proofpoint since 2020. They primarily target government entities in the Middle East and North Africa, with a fo… |
| TA406 | TA406 KP | TA406 is a North Korean-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Operational targeting focuses on the Government, Journalists, and… |
| TA406 | TA406 | TA406 is engaging in malware distribution, phishing, intelligence collection, and cryptocurrency theft, resulting in a wide range of criminal activities. |
| TA410 | TA410 | Early in August 2019, Proofpoint described what appeared to be state-sponsored activity targeting the US utilities sector with malware that we dubbed “Lookback… |
| TA410 | TA410 | Early in August 2019, Proofpoint described what appeared to be state-sponsored activity targeting the US utilities sector with malware that we dubbed “Lookback… |
| TA428 | TA428 CN | Proofpoint researchers have identified a targeted APT campaign that utilized malicious RTF documents to deliver custom malware to unsuspecting victims. We dubb… |
| TA428 | TA428 | Proofpoint researchers have identified a targeted APT campaign that utilized malicious RTF documents to deliver custom malware to unsuspecting victims. We dubb… |
| TA444 | TA444 KP | TA444 is a North Korea state-sponsored threat actor that primarily focuses on financially motivated operations. They have been active since at least 2017 and h… |
| TA444 | TA444 | TA444 is a North Korea state-sponsored threat actor that primarily focuses on financially motivated operations. They have been active since at least 2017 and h… |
| TA453 | TA453 IR | TA453 is a Iranian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: TA453 has employed the use of compromised accounts, m… |
| TA453 | TA453 | TA453 has employed the use of compromised accounts, malware, and confrontational lures to go after targets with a range of backgrounds from medical researchers… |
| TA455 | TA455 IR | TA455 is an Iranian APT group targeting the aerospace industry through a campaign known as the “Iranian Dream Job Campaign,” utilizing deceptive job offers to … |
| TA455 | TA455 | TA455 is an Iranian APT group targeting the aerospace industry through a campaign known as the “Iranian Dream Job Campaign,” utilizing deceptive job offers to … |
| TA459 | TA459 CN | TA459 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as G0062. Original record: TA459 is a Chines… |
| TA459 | TA459 | |
| TA482 | TA482 TR | Since early 2022, Proofpoint researchers have observed a prolific threat actor, tracked as TA482, regularly engaging in credential harvesting campaigns that ta… |
| TA482 | TA482 | Since early 2022, Proofpoint researchers have observed a prolific threat actor, tracked as TA482, regularly engaging in credential harvesting campaigns that ta… |
| TA4903 | TA4903 | TA4903 is a financially motivated threat actor known for conducting credential phishing and business email compromise campaigns. They target organizations in t… |
| TA4903 | TA4903 | TA4903 is a financially motivated threat actor known for conducting credential phishing and business email compromise campaigns. They target organizations in t… |
| TA4922 | TA4922 | TA4922 is a Chinese-speaking cybercrime cluster that employs localized HR, payroll, tax, and invoice lures to deliver various malware families, including Atlas… |
| TA499 | TA499 | TA499, also known as Vovan and Lexus, is a Russia-aligned threat actor that has aggressively engaged in email campaigns since at least 2021. The threat actor’… |
| TA499 | TA499 | TA499, also known as Vovan and Lexus, is a Russia-aligned threat actor that has aggressively engaged in email campaigns since at least 2021. The threat actor’… |
| TA505 | TA505 RU | TA505, the name given by Proofpoint, has been in the cybercrime business for at least four years. This is the group behind the infamous Dridex banking trojan a… |
| TA505 | TA505 | TA505, the name given by Proofpoint, has been in the cybercrime business for at least four years. This is the group behind the infamous Dridex banking trojan a… |
| TA516 | TA516 | This actor typically distributes instances of the SmokeLoader intermediate downloader, which, in turn, downloads additional malware of the actor’s choice -- of… |
| TA516 | TA516 | This actor typically distributes instances of the SmokeLoader intermediate downloader, which, in turn, downloads additional malware of the actor’s choice -- of… |
| TA530 | TA530 CN | TA530 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: TA530 is a Chinese-attributed threat actor catalogued… |
| TA530 | TA530 | TA530, who we previously examined in relation to large-scale personalized phishing campaigns |
| TA547 | TA547 | TA547 is responsible for many other campaigns since at least November 2017. The other campaigns by the actor were often localized to countries such as Australi… |
| TA547 | TA547 | TA547 is responsible for many other campaigns since at least November 2017. The other campaigns by the actor were often localized to countries such as Australi… |
| TA554 | TA554 | Since May 2018, Proofpoint researchers have observed email campaigns using a new downloader called sLoad. sLoad is a PowerShell downloader that most frequently… |
| TA554 | TA554 | Since May 2018, Proofpoint researchers have observed email campaigns using a new downloader called sLoad. sLoad is a PowerShell downloader that most frequently… |
| TA555 | TA555 | Beginning in May 2018, Proofpoint researchers observed a previously undocumented downloader dubbed AdvisorsBot appearing in malicious email campaigns. The camp… |
| TA555 | TA555 | Beginning in May 2018, Proofpoint researchers observed a previously undocumented downloader dubbed AdvisorsBot appearing in malicious email campaigns. The camp… |
| TA558 | TA558 | Since 2018, security researchers tracked a financially-motivated cybercrime actor, TA558, targeting hospitality, travel, and related industries located in Lati… |
| TA558 | TA558 | Since 2018, security researchers tracked a financially-motivated cybercrime actor, TA558, targeting hospitality, travel, and related industries located in Lati… |
| TA570 | TA570 RU | TA570 is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as DEV-0450. Original record: One of the mos… |
| TA570 | TA570 | One of the most active Qbot malware affiliates, Proofpoint has tracked the large cybercrime threat actor TA570 since 2018. |
| TA571 | TA571 | TA571 is a spam distributor actor known for delivering a variety of malware, including DarkGate, NetSupport RAT, and information stealers. They use phishing em… |
| TA571 | TA571 | TA571 is a spam distributor actor known for delivering a variety of malware, including DarkGate, NetSupport RAT, and information stealers. They use phishing em… |
| TA575 | TA575 | TA575 is a Dridex affiliate tracked by Proofpoint since late 2020. This group distributes malware such as Dridex, Qakbot, and WastedLocker via malicious URLs, … |
| TA575 | TA575 | TA575 is a Dridex affiliate tracked by Proofpoint since late 2020. This group distributes malware such as Dridex, Qakbot, and WastedLocker via malicious URLs, … |
| TA577 | TA577 RU | TA577 is a prolific cybercrime threat actor tracked by Proofpoint since mid-2020. This actor conducts broad targeting across various industries and geographies… |
| TA577 | TA577 | TA577 is a prolific cybercrime threat actor tracked by Proofpoint since mid-2020. This actor conducts broad targeting across various industries and geographies… |
| TA578 | TA578 | TA578, a threat actor that Proofpoint researchers have been tracking since May of 2020. TA578 has previously been observed in email-based campaigns delivering … |
| TA578 | TA578 | TA578, a threat actor that Proofpoint researchers have been tracking since May of 2020. TA578 has previously been observed in email-based campaigns delivering … |
| TA579 | TA579 | TA579 is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: TA579, a threat actor that Proofpoint researchers have been tracking sin… |