Threat Actor Profile
High
APT
Description
Thrip is an espionage group that has targeted satellite communications, telecoms, and defense contractor companies in the U.S. and Southeast Asia. The group uses custom malware as well as "living off the land" techniques. (Citation: Symantec Thrip June 2018)
Confidence Score
Known Aliases
Thrip
Tags
mitre-attack
stix-2.1
intrusion-set
First Seen
Unknown
Last Updated
Unknown
Active Status
Active
Created
April 29, 2026
MITRE ATT&CK Techniques (4)
Indicators of Compromise
STIX Data
{'aliases': ['Thrip'],
 'created': '2018-10-17T00:14:20.652Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': '[Thrip](https://attack.mitre.org/groups/G0076) is an '
                'espionage group that has targeted satellite communications, '
                'telecoms, and defense contractor companies in the U.S. and '
                'Southeast Asia. The group uses custom malware as well as '
                '"living off the land" techniques. (Citation: Symantec Thrip '
                'June 2018)',
 'external_references': [{'external_id': 'G0076',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/groups/G0076'},
                         {'description': '(Citation: Symantec Thrip June 2018)',
                          'source_name': 'Thrip'},
                         {'description': 'Security Response Attack '
                                         'Investigation Team. (2018, June 19). '
                                         'Thrip: Espionage Group Hits '
                                         'Satellite, Telecoms, and Defense '
                                         'Companies. Retrieved July 10, 2018.',
                          'source_name': 'Symantec Thrip June 2018',
                          'url': 'https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets'}],
 'id': 'intrusion-set--d69e568e-9ac8-4c08-b32c-d93b43ba9172',
 'modified': '2025-04-25T14:49:36.307Z',
 'name': 'Thrip',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'spec_version': '2.1',
 'type': 'intrusion-set',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': False,
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_version': '1.2'}