Threat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 201–250 of 2,004 · page 5 of 41
| ID | Title | Summary |
|---|---|---|
| BLACKTAIL | Blacktail | Blacktail is a cybercrime group that has gained attention for its ransomware campaigns, particularly the Buhti ransomware. They are known for using custom-buil… |
| BlackTech | BlackTech CN | BlackTech is a cyber espionage group operating against targets in East Asia, particularly Taiwan, and occasionally, Japan and Hong Kong. Based on the mutexes a… |
| BLACKTECH | BlackTech | BlackTech is a cyber espionage group operating against targets in East Asia, particularly Taiwan, and occasionally, Japan and Hong Kong. Based on the mutexes a… |
| Blackwood | Blackwood CN | Blackwood is a China-aligned APT group that has been active since at least 2018. They primarily engage in cyberespionage operations targeting individuals and c… |
| BLACKWOOD | Blackwood | Blackwood is a China-aligned APT group that has been active since at least 2018. They primarily engage in cyberespionage operations targeting individuals and c… |
| BladedFeline | BladedFeline IR | BladedFeline is an Iran-aligned APT group that has been active since at least 2017, targeting Iraqi and Kurdish government officials for cyberespionage. The gr… |
| BLADEDFELINE | BladedFeline | BladedFeline is an Iran-aligned APT group that has been active since at least 2017, targeting Iraqi and Kurdish government officials for cyberespionage. The gr… |
| BladeHawk | BladeHawk | BladeHawk is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Operational targeting focuses on the Government sector. Documented victim organisatio… |
| BLADEHAWK | BladeHawk | |
| Blue Termite | Blue Termite CN | Blue Termite is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as Cloudy Omega, Emdivi. Operational … |
| BLUE-TERMITE | Blue Termite | Blue Termite is a group of suspected Chinese origin active in Japan. |
| Blue Tsunami | Blue Tsunami IL | Blue Tsunami, also known as Black Cube, is a cyber mercenary group associated with the private intelligence firm Black Cube. They target individuals in various… |
| BLUE-TSUNAMI | Blue Tsunami | Blue Tsunami, also known as Black Cube, is a cyber mercenary group associated with the private intelligence firm Black Cube. They target individuals in various… |
| BlueBottle | BlueBottle | Bluebottle, a cyber-crime group that specializes in targeted attacks against the financial sector, is continuing to mount attacks on banks in Francophone count… |
| BLUEBOTTLE | BlueBottle | Bluebottle, a cyber-crime group that specializes in targeted attacks against the financial sector, is continuing to mount attacks on banks in Francophone count… |
| BlueHornet | BlueHornet | BlueHornet is an advanced persistent threat group targeting government organizations in China, North Korea, Iran, and Russia. They have compromised and leaked … |
| BLUEHORNET | BlueHornet | BlueHornet is an advanced persistent threat group targeting government organizations in China, North Korea, Iran, and Russia. They have compromised and leaked … |
| Bohrium | Bohrium IR | Bohrium is an Iranian threat actor that has been involved in spear-phishing operations targeting organizations in the US, Middle East, and India. They often cr… |
| BOHRIUM | Bohrium | Bohrium is an Iranian threat actor that has been involved in spear-phishing operations targeting organizations in the US, Middle East, and India. They often cr… |
| Bondnet | Bondnet | Bondnet is a threat actor that deploys backdoors and cryptocurrency miners. They use high-performance bots as C2 servers and configure reverse RDP environments… |
| BONDNET | Bondnet | Bondnet is a threat actor that deploys backdoors and cryptocurrency miners. They use high-performance bots as C2 servers and configure reverse RDP environments… |
| Boolka | Boolka | Boolka is a threat actor known for infecting websites with malicious JavaScript scripts for data exfiltration. They have been carrying out opportunistic SQL in… |
| BOOLKA | Boolka | Boolka is a threat actor known for infecting websites with malicious JavaScript scripts for data exfiltration. They have been carrying out opportunistic SQL in… |
| BOSON SPIDER | BOSON SPIDER | BOSON SPIDER is a cyber criminal group, which was first identified in 2015, recently and inexplicably went dark in the spring of 2016, appears to be a tightly … |
| BOSON-SPIDER | BOSON SPIDER | BOSON SPIDER is a cyber criminal group, which was first identified in 2015, recently and inexplicably went dark in the spring of 2016, appears to be a tightly … |
| BOSS SPIDER | BOSS SPIDER | Throughout 2018, CrowdStrike Intelligence tracked BOSS SPIDER as it regularly updated Samas ransomware and received payments to known Bitcoin (BTC) addresses. … |
| BOSS-SPIDER | BOSS SPIDER | Throughout 2018, CrowdStrike Intelligence tracked BOSS SPIDER as it regularly updated Samas ransomware and received payments to known Bitcoin (BTC) addresses. … |
| Boulder Bear | Boulder Bear RU | Boulder Bear is a Russian-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Boulder Bear is a Russian-attributed threat ac… |
| BOULDER-BEAR | Boulder Bear | First observed activity in December 2013. |
| BrazenBamboo | BrazenBamboo CN | BrazenBamboo is a Chinese state-affiliated threat actor known for developing the LIGHTSPY, DEEPDATA, and DEEPPOST malware families. Their infrastructure includ… |
| BRAZENBAMBOO | BrazenBamboo | BrazenBamboo is a Chinese state-affiliated threat actor known for developing the LIGHTSPY, DEEPDATA, and DEEPPOST malware families. Their infrastructure includ… |
| BreachLaboratory | BreachLaboratory | BreachLaboratory is a cybercrime actor that specializes in the extraction and sale of sensitive financial and identity datasets from various organizations. The… |
| BREACHLABORATORY | BreachLaboratory | BreachLaboratory is a cybercrime actor that specializes in the extraction and sale of sensitive financial and identity datasets from various organizations. The… |
| BRONZE EDGEWOOD | BRONZE EDGEWOOD CN | In early 2021 CTU researchers observed BRONZE EDGEWOOD exploiting the Microsoft Exchange Server of an organization in Southeast Asia. The threat group deployed… |
| BRONZE-EDGEWOOD | BRONZE EDGEWOOD | In early 2021 CTU researchers observed BRONZE EDGEWOOD exploiting the Microsoft Exchange Server of an organization in Southeast Asia. The threat group deployed… |
| BRONZE HIGHLAND | BRONZE HIGHLAND CN | BRONZE HIGHLAND has been observed using spearphishing as an initial infection vector to deploy the MgBot remote access trojan against targets in Hong Kong. Thi… |
| BRONZE-HIGHLAND | BRONZE HIGHLAND | BRONZE HIGHLAND has been observed using spearphishing as an initial infection vector to deploy the MgBot remote access trojan against targets in Hong Kong. Thi… |
| BRONZE SPIRAL | BRONZE SPIRAL CN | In December 2020, the IT management software provider SolarWinds announced that an unidentified threat actor had exploited a vulnerability in their Orion Platf… |
| BRONZE-SPIRAL | BRONZE SPIRAL | In December 2020, the IT management software provider SolarWinds announced that an unidentified threat actor had exploited a vulnerability in their Orion Platf… |
| BRONZE SPRING | BRONZE SPRING CN | BRONZE SPRING is a threat group that CTU researchers assess with high confidence operates on behalf of China in the theft of intellectual property from defense… |
| BRONZE-SPRING | BRONZE SPRING | BRONZE SPRING is a threat group that CTU researchers assess with high confidence operates on behalf of China in the theft of intellectual property from defense… |
| BRONZE STARLIGHT | BRONZE STARLIGHT CN | BRONZE STARLIGHT has been active since mid 2021 and targets organizations globally across a range of industry verticals. The group leverages HUI Loader to load… |
| BRONZE-STARLIGHT | BRONZE STARLIGHT | BRONZE STARLIGHT has been active since mid 2021 and targets organizations globally across a range of industry verticals. The group leverages HUI Loader to load… |
| BRONZE VAPOR | BRONZE VAPOR CN | BRONZE VAPOR is a targeted threat group assessed with moderate confidence to be of Chinese origin. Artefacts from tools associated with this group and open sou… |
| BRONZE-VAPOR | BRONZE VAPOR | BRONZE VAPOR is a targeted threat group assessed with moderate confidence to be of Chinese origin. Artefacts from tools associated with this group and open sou… |
| Budminer | Budminer CN | Based on the evidence we have presented Symantec attributed the activity involving the Dripion malware to the Budminer advanced threat group. While we have not … |
| BUDMINER | Budminer | Based on the evidence we have presented Symantec attributed the activity involving the Dripion malware to the Budminer advanced threat group. While we have not … |
| BuhTrap | BuhTrap RU | Buhtrap has been active since 2014, however their first attacks against financial institutions were only detected in August 2015. Earlier, the group had only f… |
| BUHTRAP | BuhTrap | Buhtrap has been active since 2014, however their first attacks against financial institutions were only detected in August 2015. Earlier, the group had only f… |
| ByteToBreach | ByteToBreach | ByteToBreach is a prolific cybercriminal who operates across multiple platforms, including DarkForums and Telegram, and has been active since at least June 202… |