Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 1,851–1,900 of 2,004 · page 38 of 41
| ID | Title | Summary |
|---|---|---|
| UNK-REMOTEROGUE | UNK_RemoteRogue | UNK_RemoteRogue is a suspected Russian threat actor that has been observed utilizing ClickFix in its infection chains, although this technique is not revolutio… |
| UNK_SparkyCarp | UNK_SparkyCarp | Between March and June 2025, Proofpoint identified multiple China-aligned threat actors specifically targeting Taiwanese organizations within the semiconductor… |
| UNK-SPARKYCARP | UNK_SparkyCarp | Between March and June 2025, Proofpoint identified multiple China-aligned threat actors specifically targeting Taiwanese organizations within the semiconductor… |
| Unnamed Actor | Unnamed Actor CN | This threat actor compromises civil society groups the Chinese Communist Party views as hostile to its interests, such as Tibetan, Uyghur, Hong Kong, and Taiwa… |
| UNNAMED-ACTOR | Unnamed Actor | This threat actor compromises civil society groups the Chinese Communist Party views as hostile to its interests, such as Tibetan, Uyghur, Hong Kong, and Taiwa… |
| UnsolicitedBooker | UnsolicitedBooker CN | UnsolicitedBooker is a China-aligned APT group known for its persistent targeting of an unnamed international organization in Saudi Arabia, employing a backdoo… |
| UNSOLICITEDBOOKER | UnsolicitedBooker | UnsolicitedBooker is a China-aligned APT group known for its persistent targeting of an unnamed international organization in Saudi Arabia, employing a backdoo… |
| Urpage | Urpage | What sets Urpage attacks apart is its targeting of InPage, a word processor for Urdu and Arabic languages. However, its Delphi backdoor component, which it has… |
| URPAGE | Urpage | What sets Urpage attacks apart is its targeting of InPage, a word processor for Urdu and Arabic languages. However, its Delphi backdoor component, which it has… |
| USDoD | USDoD | USDoD is a threat actor known for leaking large databases of personal information, including from companies like Airbus and the U.S. Environmental Protection A… |
| USDOD | USDoD | USDoD is a threat actor known for leaking large databases of personal information, including from companies like Airbus and the U.S. Environmental Protection A… |
| UserSec | UserSec RU | UserSec is a pro-Russian hacking group that has been active since at least 2022. The group is known for its DDoS attacks and has collaborated with other pro-Ru… |
| USERSEC | UserSec | UserSec is a pro-Russian hacking group that has been active since at least 2022. The group is known for its DDoS attacks and has collaborated with other pro-Ru… |
| UTA0178 | UTA0178 CN | While Volexity largely observed the attacker essentially living off the land, they still deployed a handful of malware files and tools during the course of the… |
| UTA0178 | UTA0178 | While Volexity largely observed the attacker essentially living off the land, they still deployed a handful of malware files and tools during the course of the… |
| UTA0218 | UTA0218 | UTA0218 is a threat actor with advanced capabilities, targeting organizations to establish a reverse shell, acquire tools, and extract data. They exploit vulne… |
| UTA0218 | UTA0218 | UTA0218 is a threat actor with advanced capabilities, targeting organizations to establish a reverse shell, acquire tools, and extract data. They exploit vulne… |
| UTA0352 | UTA0352 RU | UTA0352 is a Russian threat actor attributed to phishing campaigns that exploit Microsoft OAuth 2.0 authentication workflows, often impersonating government of… |
| UTA0352 | UTA0352 | UTA0352 is a Russian threat actor attributed to phishing campaigns that exploit Microsoft OAuth 2.0 authentication workflows, often impersonating government of… |
| UTA0355 | UTA0355 RU | UTA0355 is a Russian threat actor that conducts phishing campaigns targeting individuals and organizations associated with Ukraine. The actor initiates contact… |
| UTA0355 | UTA0355 | UTA0355 is a Russian threat actor that conducts phishing campaigns targeting individuals and organizations associated with Ukraine. The actor initiates contact… |
| UTA0388 | UTA0388 CN | UTA0388 is a China-aligned APT known for spear-phishing campaigns targeting organizations in North America, Asia, and Europe, primarily to deliver a Go-based i… |
| UTA0388 | UTA0388 | UTA0388 is a China-aligned APT known for spear-phishing campaigns targeting organizations in North America, Asia, and Europe, primarily to deliver a Go-based i… |
| UTG-Q-008 | UTG-Q-008 | UTG-Q-008 is a threat actor targeting Linux platforms, primarily focusing on government and enterprise entities in China. They utilize a massive botnet network… |
| UTG-Q-008 | UTG-Q-008 | UTG-Q-008 is a threat actor targeting Linux platforms, primarily focusing on government and enterprise entities in China. They utilize a massive botnet network… |
| UTG-Q-010 | UTG-Q-010 | UTG-Q-010 is a financially motivated APT group from East Asia that has been active since late 2022, primarily targeting the pharmaceutical industry and cryptoc… |
| UTG-Q-010 | UTG-Q-010 | UTG-Q-010 is a financially motivated APT group from East Asia that has been active since late 2022, primarily targeting the pharmaceutical industry and cryptoc… |
| Vanilla Tempest | Vanilla Tempest | Vice Society is a ransomware group that has been active since at least June 2021. They primarily target the education and healthcare sectors, but have also bee… |
| VANILLA-TEMPEST | Vanilla Tempest | Vice Society is a ransomware group that has been active since at least June 2021. They primarily target the education and healthcare sectors, but have also bee… |
| Velvet Tempest | Velvet Tempest | Velvet Tempest is a threat actor associated with the BlackCat ransomware group. They have been observed deploying multiple ransomware payloads, including Black… |
| VELVET-TEMPEST | Velvet Tempest | Velvet Tempest is a threat actor associated with the BlackCat ransomware group. They have been observed deploying multiple ransomware payloads, including Black… |
| VENOM SPIDER | VENOM SPIDER | VENOM SPIDER is the developer of a large toolset that includes SKID, VenomKit and Taurus Loader. Under the moniker 'badbullzvenom', the adversary has been an a… |
| VENOM-SPIDER | VENOM SPIDER | VENOM SPIDER is the developer of a large toolset that includes SKID, VenomKit and Taurus Loader. Under the moniker 'badbullzvenom', the adversary has been an a… |
| VICE SPIDER | VICE SPIDER RU | Vice Spider is a Russian-speaking ransomware group that has been active since at least April 2021 and is linked to a significant increase in identity-based att… |
| VICE-SPIDER | VICE SPIDER | Vice Spider is a Russian-speaking ransomware group that has been active since at least April 2021 and is linked to a significant increase in identity-based att… |
| ViceLeaker | ViceLeaker | In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens. Kaspersky spyware sensors caught the signal of … |
| VICELEAKER | ViceLeaker | In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens. Kaspersky spyware sensors caught the signal of … |
| VICEROY TIGER | VICEROY TIGER IN | VICEROY TIGER is an adversary with a nexus to India that has historically targeted entities throughout multiple sectors. Older activity targeted multiple secto… |
| VICEROY-TIGER | VICEROY TIGER | VICEROY TIGER is an adversary with a nexus to India that has historically targeted entities throughout multiple sectors. Older activity targeted multiple secto… |
| Vicious Panda | Vicious Panda CN | Check Point Research discovered a new campaign against the Mongolian public sector, which takes advantage of the current Coronavirus scare, in order to deliver… |
| VICIOUS-PANDA | Vicious Panda | Check Point Research discovered a new campaign against the Mongolian public sector, which takes advantage of the current Coronavirus scare, in order to deliver… |
| ViciousTrap | ViciousTrap | ViciousTrap has compromised over 5,500 edge devices, transforming them into honeypots and utilizing a shell script called NetGhost to redirect incoming traffic… |
| VICIOUSTRAP | ViciousTrap | ViciousTrap has compromised over 5,500 edge devices, transforming them into honeypots and utilizing a shell script called NetGhost to redirect incoming traffic… |
| Viking Jackal | Viking Jackal AE | Viking Jackal is a threat actor (origin AE) catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Vikingdom. Original record: Viking Jacka… |
| VIKING-JACKAL | Viking Jackal | |
| VIKING SPIDER | VIKING SPIDER | VIKING SPIDER is the criminal group behind the development and distribution of Ragnar Locker ransomware. While public reporting indicates the group began threa… |
| VIKING-SPIDER | VIKING SPIDER | VIKING SPIDER is the criminal group behind the development and distribution of Ragnar Locker ransomware. While public reporting indicates the group began threa… |
| Void Arachne | Void Arachne | Void Arachne is a threat actor group targeting Chinese-speaking users with malicious MSI files containing legitimate software installers for AI software. They … |
| VOID-ARACHNE | Void Arachne | Void Arachne is a threat actor group targeting Chinese-speaking users with malicious MSI files containing legitimate software installers for AI software. They … |
| Void Balaur | Void Balaur | Void Balaur is a highly active hack-for-hire / cyber mercenary group with a wide range of known target types across the globe. Their services have been observe… |