2,004 indexed
ACTORSThreat actors
2004 threat-actor records from MISP-Galaxy v341. Filter by attributed country, or for country / sector / MITRE-Group facets see /explore/actors. Authored by Adam Lundqvist.
Showing 401–450 of 2,004 · page 9 of 41
| ID | Title | Summary |
|---|---|---|
| Danti | Danti | |
| DANTI | Danti | |
| Dark Basin | Dark Basin | Dark Basin is a hack-for-hire group that has targeted thousands of individuals and hundreds of institutions on six continents. Targets include advocacy groups … |
| DARK-BASIN | Dark Basin | Dark Basin is a hack-for-hire group that has targeted thousands of individuals and hundreds of institutions on six continents. Targets include advocacy groups … |
| Dark Caracal | Dark Caracal LB | Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor, who at the time of writing is believed to be ad… |
| DARK-CARACAL | Dark Caracal | Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor, who at the time of writing is believed to be ad… |
| DarkCasino | DarkCasino | DarkCasino is an economically motivated APT group that targets online trading platforms, including cryptocurrencies, online casinos, network banks, and online … |
| DARKCASINO | DarkCasino | DarkCasino is an economically motivated APT group that targets online trading platforms, including cryptocurrencies, online casinos, network banks, and online … |
| DarkGaboon | DarkGaboon | DarkGaboon is a financially motivated APT group that has been independently targeting Russian organizations since May 2023, primarily using phishing emails to … |
| DARKGABOON | DarkGaboon | DarkGaboon is a financially motivated APT group that has been independently targeting Russian organizations since May 2023, primarily using phishing emails to … |
| DarkHotel | DarkHotel KR | Kaspersky described DarkHotel in a 2014 report as: '... DarkHotel drives its campaigns by spear-phishing targets with highly advanced Flash zero-day exploits t… |
| DARKHOTEL | DarkHotel | Kaspersky described DarkHotel in a 2014 report as: '... DarkHotel drives its campaigns by spear-phishing targets with highly advanced Flash zero-day exploits t… |
| DarkHydrus | DarkHydrus | In July 2018, Unit 42 analyzed a targeted attack using a novel file type against at least one government agency in the Middle East. It was carried out by a pre… |
| DARKHYDRUS | DarkHydrus | In July 2018, Unit 42 analyzed a targeted attack using a novel file type against at least one government agency in the Middle East. It was carried out by a pre… |
| DarkPink | DarkPink | DarkPink is an APT group that has been active since mid-2021, primarily targeting government, military, and non-profit organizations in Southeast Asia and Euro… |
| DARKPINK | DarkPink | DarkPink is an APT group that has been active since mid-2021, primarily targeting government, military, and non-profit organizations in Southeast Asia and Euro… |
| DarkRaaS | DarkRaaS | DarkRaaS is a threat actor specializing in selling unauthorized access to various organizations' systems and networks across multiple countries, with a recent … |
| DARKRAAS | DarkRaaS | DarkRaaS is a threat actor specializing in selling unauthorized access to various organizations' systems and networks across multiple countries, with a recent … |
| DarkSpectre | DarkSpectre | |
| DARKSPECTRE | DarkSpectre | |
| DarkVishnya | DarkVishnya | Dubbed DarkVishnya, the attacks targeted at least eight banks using readily-available gear such as netbooks or inexpensive laptops, Raspberry Pi mini-computers… |
| DARKVISHNYA | DarkVishnya | Dubbed DarkVishnya, the attacks targeted at least eight banks using readily-available gear such as netbooks or inexpensive laptops, Raspberry Pi mini-computers… |
| Deadeye Jackal | Deadeye Jackal SY | The Syrian Electronic Army (SEA) is a group of computer hackers which first surfaced online in 2011 to support the government of Syrian President Bashar al-Ass… |
| DEADEYE-JACKAL | Deadeye Jackal | The Syrian Electronic Army (SEA) is a group of computer hackers which first surfaced online in 2011 to support the government of Syrian President Bashar al-Ass… |
| DefrayX | DefrayX | DefrayX is a threat actor group known for their RansomExx ransomware operations. They primarily target Linux operating systems, but also release versions for W… |
| DEFRAYX | DefrayX | DefrayX is a threat actor group known for their RansomExx ransomware operations. They primarily target Linux operating systems, but also release versions for W… |
| Denim Tsunami | Denim Tsunami AT | Denim Tsunami is a threat actor group that has been involved in targeted attacks against European and Central American customers. They have been observed using… |
| DENIM-TSUNAMI | Denim Tsunami | Denim Tsunami is a threat actor group that has been involved in targeted attacks against European and Central American customers. They have been observed using… |
| Desorden Group | Desorden Group | Desorden (Disorder in Spanish, previously known as ChaosCC), is a financially motivated hacker group. The group first emerged under the new name Desorden in Se… |
| DESORDEN-GROUP | Desorden Group | Desorden (Disorder in Spanish, previously known as ChaosCC), is a financially motivated hacker group. The group first emerged under the new name Desorden in Se… |
| DEV-0147 | DEV-0147 CN | DEV-0147 is a China-based cyber espionage actor was observed compromising diplomatic targets in South America, a notable expansion of the group's data exfiltra… |
| DEV-0147 | DEV-0147 | DEV-0147 is a China-based cyber espionage actor was observed compromising diplomatic targets in South America, a notable expansion of the group's data exfiltra… |
| DEV-0270 | DEV-0270 IR | Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a s… |
| DEV-0270 | DEV-0270 | Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a s… |
| DEV-0569 | DEV-0569 | DEV-0569, also known as Storm-0569, is a threat actor group that has been observed deploying the Royal ransomware. They utilize malicious ads and phishing tech… |
| DEV-0569 | DEV-0569 | DEV-0569, also known as Storm-0569, is a threat actor group that has been observed deploying the Royal ransomware. They utilize malicious ads and phishing tech… |
| DEV-0586 | DEV-0586 RU | MSTIC has not found any notable associations between this observed activity, tracked as DEV-0586, and other known activity groups. MSTIC assesses that the malw… |
| DEV-0586 | DEV-0586 | MSTIC has not found any notable associations between this observed activity, tracked as DEV-0586, and other known activity groups. MSTIC assesses that the malw… |
| DEV-0928 | DEV-0928 | DEV-0928 is a threat actor that has been tracked by Microsoft since September 2022. They are known for their involvement in high-volume phishing campaigns, usi… |
| DEV-0928 | DEV-0928 | DEV-0928 is a threat actor that has been tracked by Microsoft since September 2022. They are known for their involvement in high-volume phishing campaigns, usi… |
| DEV-0950 | DEV-0950 | Lace Tempest, also known as DEV-0950, is a threat actor that exploited vulnerabilities in software such as SysAid and PaperCut to gain unauthorized access to s… |
| DEV-0950 | DEV-0950 | Lace Tempest, also known as DEV-0950, is a threat actor that exploited vulnerabilities in software such as SysAid and PaperCut to gain unauthorized access to s… |
| DEV-1028 | DEV-1028 | DEV-1028 is a threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). Original record: Microsoft reported on MCCrash, an IoT botnet operated by the DEV-1028… |
| DEV-1028 | DEV-1028 | Microsoft reported on MCCrash, an IoT botnet operated by the DEV-1028 threat actor and used to launch DDoS attacks against private Minecraft servers. |
| DEXTOROUS SPIDER | DEXTOROUS SPIDER | |
| DEXTOROUS-SPIDER | DEXTOROUS SPIDER | |
| DiceyF | DiceyF CN | DiceyF is an advanced persistent threat group that has been targeting online casinos and other victims in Southeast Asia for an extended period. They have exhi… |
| DICEYF | DiceyF | DiceyF is an advanced persistent threat group that has been targeting online casinos and other victims in Southeast Asia for an extended period. They have exhi… |
| DieNet | DieNet | DieNet is a hacktivist group that emerged in March 2025, known for conducting DDoS attacks targeting entities associated with political figures, such as Trump … |
| DIENET | DieNet | DieNet is a hacktivist group that emerged in March 2025, known for conducting DDoS attacks targeting entities associated with political figures, such as Trump … |