Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,551–1,600 of 2,004 · page 32 of 41
| ID | Title | Summary |
|---|---|---|
| TA579 | TA579 | TA579, a threat actor that Proofpoint researchers have been tracking since August 2021. This actor frequently delivered BazaLoader and IcedID in past campaigns. |
| TA584 | TA584 | TA584 is a prominent initial access broker tracked by Proofpoint since November 2020, known for its high-volume campaigns targeting organizations globally. The… |
| TA800 | TA800 | This attacker is an affiliate distributor of The Trick, also known as Trickbot, and BazaLoader. (For more on how affiliates work, see the description of TA… |
| TA829 | TA829 RU | TA829 is a Russia-aligned threat actor that employs the RomCom RAT for intelligence-gathering and financially motivated cyberattacks, exploiting zero-day vulne… |
| TA829 | TA829 | TA829 is a Russia-aligned threat actor that employs the RomCom RAT for intelligence-gathering and financially motivated cyberattacks, exploiting zero-day vulne… |
| TA866 | TA866 | According to Proofpoint, TA866 is a newly identified threat actor that distributes malware via email utilizing both commodity and custom tools. While most of t… |
| TAG-112 | TAG-112 CN | TAG-112 is a Chinese state-sponsored APT that compromised Tibetan websites, including Tibet Post and Gyudmed Tantric University, to deliver Cobalt Strike malwa… |
| TAG-112 | TAG-112 | TAG-112 is a Chinese state-sponsored APT that compromised Tibetan websites, including Tibet Post and Gyudmed Tantric University, to deliver Cobalt Strike malwa… |
| TAG-124 | TAG-124 | TAG-124 is a threat actor that employs a traffic distribution system to distribute malware, primarily using MintsLoader and targeting various sectors through p… |
| TAG-140 | TAG-140 PK | TAG-140 is a threat actor group that primarily targets Indian government entities, employing cyber espionage tactics such as phishing and malware campaigns. Th… |
| TAG-140 | TAG-140 | TAG-140 is a threat actor group that primarily targets Indian government entities, employing cyber espionage tactics such as phishing and malware campaigns. Th… |
| TAG-28 | TAG-28 CN | TAG-28 is a Chinese state-sponsored threat actor that has been targeting Indian organizations, including media conglomerates and government agencies. They have… |
| TAG-28 | TAG-28 | TAG-28 is a Chinese state-sponsored threat actor that has been targeting Indian organizations, including media conglomerates and government agencies. They have… |
| TAG-56 | TAG-56 IR | TAG-56 is a threat actor group that shares similarities with the APT42 group. They use tactics such as fake registration pages and spearphishing to target vict… |
| TAG-56 | TAG-56 | TAG-56 is a threat actor group that shares similarities with the APT42 group. They use tactics such as fake registration pages and spearphishing to target vict… |
| Taidoor | Taidoor | The Taidoor attackers have been actively engaging in targeted attacks since at least March 4, 2009. Despite some exceptions, the Taidoor campaign often used Ta… |
| TAIDOOR | Taidoor | The Taidoor attackers have been actively engaging in targeted attacks since at least March 4, 2009. Despite some exceptions, the Taidoor campaign often used Ta… |
| TaskMasters | TaskMasters CN | TaskMasters is a state-sponsored Chinese APT that has been active since at least 2010, primarily targeting industrial, energy, and government sectors in Russia… |
| TASKMASTERS | TaskMasters | TaskMasters is a state-sponsored Chinese APT that has been active since at least 2010, primarily targeting industrial, energy, and government sectors in Russia… |
| Team-Xecuter | Team-Xecuter | Team-Xecuter is a hacking group led by Gary Bowser, also known as GaryOPA. They were involved in a piracy conspiracy against Nintendo, creating and selling ill… |
| TEAM-XECUTER | Team-Xecuter | Team-Xecuter is a hacking group led by Gary Bowser, also known as GaryOPA. They were involved in a piracy conspiracy against Nintendo, creating and selling ill… |
| Team46 | Team46 | Team46 is a sophisticated APT group active since at least late 2024, targeting Russian government, academic, and media organizations through spearphishing emai… |
| TEAM46 | Team46 | Team46 is a sophisticated APT group active since at least late 2024, targeting Russian government, academic, and media organizations through spearphishing emai… |
| TeamPCP | TeamPCP | TeamPCP is a threat actor that has executed a coordinated series of supply chain attacks, compromising widely-used open source tools such as Trivy, KICS, and L… |
| TEAMPCP | TeamPCP | TeamPCP is a threat actor that has executed a coordinated series of supply chain attacks, compromising widely-used open source tools such as Trivy, KICS, and L… |
| TeamSpy Crew | TeamSpy Crew RU | Researchers have uncovered a long-term cyber-espionage campaign that used a combination of legitimate software packages and commodity malware tools to target a… |
| TEAMSPY-CREW | TeamSpy Crew | Researchers have uncovered a long-term cyber-espionage campaign that used a combination of legitimate software packages and commodity malware tools to target a… |
| TeamTNT | TeamTNT | In early February 2021, TeamTNT launched a new campaign against Docker and Kubernetes environments. Using a collection of container images that are hosted in Do… |
| TEAMTNT | TeamTNT | In early February 2021, TeamTNT launched a new campaign against Docker and Kubernetes environments. Using a collection of container images that are hosted in Do… |
| TeamXRat | TeamXRat | TeamXRat is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as CorporacaoXRat, CorporationXRat. Original record: TeamXRa… |
| TEAMXRAT | TeamXRat | |
| Teleboyi | Teleboyi CN | Teleboyi is a threat actor reportedly based in China, associated with the PlugX RAT. TeamT5 identified a custom PlugX loader used by Teleboyi that employs a si… |
| TELEBOYI | Teleboyi | Teleboyi is a threat actor reportedly based in China, associated with the PlugX RAT. TeamT5 identified a custom PlugX loader used by Teleboyi that employs a si… |
| TEMP_Heretic | TEMP_Heretic CN | TEMP_Heretic is a threat actor that has been observed engaging in targeted spear-phishing campaigns. They exploit vulnerabilities in email platforms, such as Z… |
| TEMP-HERETIC | TEMP_Heretic | TEMP_Heretic is a threat actor that has been observed engaging in targeted spear-phishing campaigns. They exploit vulnerabilities in email platforms, such as Z… |
| TEMP.Hermit | TEMP.Hermit KP | TEMP.Hermit is a North Korean-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: TEMP.Hermit is a North Korean-attributed t… |
| TEMP-HERMIT | TEMP.Hermit | |
| TEMP.Veles | TEMP.Veles | TEMP.Veles is a Russia-based threat group that has targeted critical infrastructure. The group has been observed utilizing TRITON, a malware framework designed… |
| TEMP-VELES | TEMP.Veles | TEMP.Veles is a Russia-based threat group that has targeted critical infrastructure. The group has been observed utilizing TRITON, a malware framework designed… |
| TEMPER PANDA | TEMPER PANDA CN | China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and has primarily targeted organizations involved in finan… |
| TEMPER-PANDA | TEMPER PANDA | China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and has primarily targeted organizations involved in finan… |
| TempTick | TempTick CN | This threat actor targets organizations in the finance, defense, aerospace, technology, health-care, and automotive sectors and media organizations in East Asi… |
| TEMPTICK | TempTick | This threat actor targets organizations in the finance, defense, aerospace, technology, health-care, and automotive sectors and media organizations in East Asi… |
| TERBIUM | TERBIUM | Microsoft Threat Intelligence identified similarities between this recent attack and previous 2012 attacks against tens of thousands of computers belonging to … |
| TEST PANDA | TEST PANDA CN | TEST PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: TEST PANDA is a Chinese-attributed threat actor … |