Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,601–1,650 of 2,004 · page 33 of 41
| ID | Title | Summary |
|---|---|---|
| TEST-PANDA | TEST PANDA | |
| TetrisPhantom | TetrisPhantom | TetrisPhantom relies on compromising a certain type of secure USB drive that provides hardware encryption and is commonly used by government organizations. Wh… |
| TETRISPHANTOM | TetrisPhantom | TetrisPhantom relies on compromising a certain type of secure USB drive that provides hardware encryption and is commonly used by government organizations. Wh… |
| The Big Bang | The Big Bang | While it is not clear exactly what the attacker is looking for, what is clear is that once he finds it, a second stage of the attack awaits, fetching additiona… |
| THE-BIG-BANG | The Big Bang | While it is not clear exactly what the attacker is looking for, what is clear is that once he finds it, a second stage of the attack awaits, fetching additiona… |
| The Gentlemen | The Gentlemen | The Gentlemen is a ransomware group that employs a dual-extortion strategy, encrypting sensitive files while exfiltrating critical business data to pressure vi… |
| THE-GENTLEMEN | The Gentlemen | The Gentlemen is a ransomware group that employs a dual-extortion strategy, encrypting sensitive files while exfiltrating critical business data to pressure vi… |
| The Gorgon Group | The Gorgon Group | Unit 42 researchers have been tracking Subaat, an attacker, since 2017. Recently Subaat drew our attention due to renewed targeted attack activity. Part of mon… |
| THE-GORGON-GROUP | The Gorgon Group | Unit 42 researchers have been tracking Subaat, an attacker, since 2017. Recently Subaat drew our attention due to renewed targeted attack activity. Part of mon… |
| The Shadow Brokers | The Shadow Brokers | The Shadow Brokers (TSB) is a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools from the National Se… |
| THE-SHADOW-BROKERS | The Shadow Brokers | The Shadow Brokers (TSB) is a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools from the National Se… |
| TheDarkOverlord | TheDarkOverlord | TheDarkOverlord is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: The Dark Overlord is a financially motivated ransomware group … |
| THEDARKOVERLORD | TheDarkOverlord | The Dark Overlord is a financially motivated ransomware group that has been active since 2016. The group is known for targeting large organizations, including … |
| TheWizards | TheWizards | TheWizards is a China-aligned APT group that employs the Spellbinder tool for adversary-in-the-middle attacks, utilizing IPv6 SLAAC spoofing to redirect legiti… |
| THEWIZARDS | TheWizards | TheWizards is a China-aligned APT group that employs the Spellbinder tool for adversary-in-the-middle attacks, utilizing IPv6 SLAAC spoofing to redirect legiti… |
| Threat Actor 888 | Threat Actor 888 | Threat Actor 888 is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Threat actor 888 is a hacker active in 2024, targeting compan… |
| THREAT-ACTOR-888 | Threat Actor 888 | Threat actor 888 is a hacker active in 2024, targeting companies for data breaches. They've hit Microsoft, BMW (Hong Kong), and others in tech, freight, and oi… |
| Threatsec | Threatsec | ThreatSec is a hacktivist group that has targeted various organizations, including internet service providers in Gaza. They claim to fight for the rights and f… |
| THREATSEC | Threatsec | ThreatSec is a hacktivist group that has targeted various organizations, including internet service providers in Gaza. They claim to fight for the rights and f… |
| Thrip | Thrip | Thrip is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as G0076, ATK78. Operational targeting focuses on the Private s… |
| THRIP | Thrip | This threat actor targets organizations in the satellite communications, telecommunications, geospatial-imaging, and defense sectors in the United States and S… |
| TianWu | TianWu CN | TianWu is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Operational targeting focuses on the Private Sector, Gambling compani… |
| TIANWU | TianWu | |
| Tick | Tick CN | Tick is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group appears to have close ties to the Chinese Natio… |
| TICK | Tick | Tick is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group appears to have close ties to the Chinese Natio… |
| TIDRONE | TIDRONE CN | TIDRONE is an unidentified threat actor linked to Chinese-speaking groups, with a focus on military-related industry chains, particularly drone manufacturers i… |
| TIDRONE | TIDRONE | TIDRONE is an unidentified threat actor linked to Chinese-speaking groups, with a focus on military-related industry chains, particularly drone manufacturers i… |
| TiltedTemple | TiltedTemple CN | One of their notable tools is a custom backdoor called SockDetour, which operates filelessly and socketlessly on compromised Windows servers. The group's activ… |
| TILTEDTEMPLE | TiltedTemple | One of their notable tools is a custom backdoor called SockDetour, which operates filelessly and socketlessly on compromised Windows servers. The group's activ… |
| TINY SPIDER | TINY SPIDER | TINY SPIDER is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: According to CrowdStrike, this actor is using TinyLoader and TinyP… |
| TINY-SPIDER | TINY SPIDER | According to CrowdStrike, this actor is using TinyLoader and TinyPOS, potentially buying access through Dridex infections. |
| ToddyCat | ToddyCat | ToddyCat is responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. There is still little infor… |
| TODDYCAT | ToddyCat | ToddyCat is responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. There is still little infor… |
| Tonto Team | Tonto Team CN | Tonto Team is a Chinese-speaking APT group that has been active since at least 2013. They primarily target military, diplomatic, and infrastructure organizatio… |
| TONTO-TEAM | Tonto Team | Tonto Team is a Chinese-speaking APT group that has been active since at least 2013. They primarily target military, diplomatic, and infrastructure organizatio… |
| Tortoiseshell | Tortoiseshell IR | A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain … |
| TORTOISESHELL | Tortoiseshell | A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain … |
| TOXCAR CYBER TEAM | TOXCAR CYBER TEAM | The Toxcar Cyber Team has claimed responsibility for a data leak involving Mastercard, asserting that the attack targeted the U.S. site and providing screensho… |
| TOXCAR-CYBER-TEAM | TOXCAR CYBER TEAM | The Toxcar Cyber Team has claimed responsibility for a data leak involving Mastercard, asserting that the attack targeted the U.S. site and providing screensho… |
| TOXIC PANDA | TOXIC PANDA CN | TOXIC PANDA is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: TOXIC PANDA is a Chinese-attributed threat acto… |
| TOXIC-PANDA | TOXIC PANDA | A group targeting dissident groups in China and at the boundaries. |
| TRACER KITTEN | TRACER KITTEN IR | In April 2020, CrowdStrike Falcon OverWatch discovered Iran-based adversary TRACER KITTEN conducting malicious interactive activity against multiple hosts at a … |
| TRACER-KITTEN | TRACER KITTEN | In April 2020, CrowdStrike Falcon OverWatch discovered Iran-based adversary TRACER KITTEN conducting malicious interactive activity against multiple hosts at a … |
| TraderTraitor | TraderTraitor KP | TraderTraitor targets blockchain companies through spear-phishing messages. The group sends these messages to employees, particularly those in system administr… |
| TRADERTRAITOR | TraderTraitor | TraderTraitor targets blockchain companies through spear-phishing messages. The group sends these messages to employees, particularly those in system administr… |
| TRAVELING SPIDER | TRAVELING SPIDER | CrowdStrike tracks the criminal developer of Nemty ransomware as TRAVELING SPIDER. The actor has been observed to take advantage of single-factor authenticatio… |
| TRAVELING-SPIDER | TRAVELING SPIDER | CrowdStrike tracks the criminal developer of Nemty ransomware as TRAVELING SPIDER. The actor has been observed to take advantage of single-factor authenticatio… |
| TridentLocker | TridentLocker | TridentLocker is a ransomware group known for targeting organizations that manage high volumes of regulated or third-party data, including government services … |
| TRIDENTLOCKER | TridentLocker | TridentLocker is a ransomware group known for targeting organizations that manage high volumes of regulated or third-party data, including government services … |
| TRIPLESTRENGTH | TRIPLESTRENGTH | TRIPLESTRENGTH is a financially motivated threat actor targeting cloud environments and on-premises infrastructures for cryptojacking, ransomware, and extortio… |