Threat Actor Database
alphv
Critical

The operators of the ALPHV/BlackCat ransomware began their activity in December 2021, making posts on Dark Web forums t…

Type Cybercriminal
Confidence
100%
Aliases
blackcat
MITRE Techniques 32 techniques
Tags
ransomware ransomware.live blackcat
bianlian
Critical

BianLian ransomware operations began in late 2021. The group practices multi-pronged extortion, demanding payment for a…

Type Cybercriminal
Confidence
100%
MITRE Techniques 11 techniques
Tags
ransomware ransomware.live
blackbasta
Critical

"Black Basta" is a new ransomware strain discovered in April 2022; it appears to have been in development since at least early February 2022…

Type Cybercriminal
Confidence
100%
MITRE Techniques 9 techniques
Tags
ransomware ransomware.live
clop
Critical

The ransomware group known as Cl0p is a variant of a previously known strain dubbed CryptoMix. It is worth noting that …

Type Cybercriminal
Confidence
100%
MITRE Techniques 31 techniques
Tags
ransomware ransomware.live
dragonforce
Critical
Type Cybercriminal
Confidence
100%
MITRE Techniques 5 techniques
Tags
ransomware ransomware.live
incransom
Critical
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
lockbit2
Critical
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
lockbit3
Critical

LockBit, also recognized as LockBit Black or Lockbit 3.0, is one of the largest Ransomware Groups in the world and has …

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
medusa
Critical
Type Cybercriminal
Confidence
100%
MITRE Techniques 19 techniques
Tags
ransomware ransomware.live
qilin
Critical

Qilin ransomware was first observed in July of 2022. Qilin Ransomware is written in Golang and supports multiple encryp…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ransomhub
Critical

The group emerged in mid-February 2024 and has already listed several organizations as alleged victims of their attacks…

Type Cybercriminal
Confidence
100%
MITRE Techniques 8 techniques
Tags
ransomware ransomware.live
8base
High

The 8base Ransomware group made its first appearance in early March 2022, remaining somewhat quiet after the attacks. T…

Type Cybercriminal
Confidence
100%
MITRE Techniques 28 techniques
Tags
ransomware ransomware.live
ALLANITE
High

ALLANITE is a suspected Russian cyber espionage group that has primarily targeted the electric utility sector within th…

Type APT
Confidence
100%
MITRE Techniques 4 techniques
Tags
mitre-attack crawled web-source +1 more
APT-C-23
High

APT-C-23 is a threat group that has been active since at least 2014.[1] APT-C-23 has primarily focused its operations on t…

Type APT
Confidence
100%
MITRE Techniques 3 techniques
Tags
mitre-attack crawled web-source +1 more
APT-C-36
High

APT-C-36 is a suspected South American threat group that has engaged in espionage and financially motivated operations s…

Type APT
Confidence
100%
MITRE Techniques 25 techniques
Tags
mitre-attack crawled web-source +1 more
APT1
High

APT1 is a Chinese threat group that has been attributed to the 2nd Bureau of the People’s Liberation Army (PLA) General …

Type APT
Confidence
100%
MITRE Techniques 20 techniques
Tags
mitre-attack crawled web-source +1 more
APT12
High

APT12 is a threat group that has been attributed to China. The group has targeted a variety of victims including but not…

Type APT
Confidence
100%
MITRE Techniques 5 techniques
Tags
mitre-attack crawled web-source +1 more
APT16
High

APT16 is a China-based threat group that has launched spearphishing campaigns targeting Japanese and Taiwanese organizat…

Type APT
Confidence
100%
MITRE Techniques 1 technique
Tags
mitre-attack crawled web-source +1 more
APT17
High

APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense …

Type APT
Confidence
100%
MITRE Techniques 2 techniques
Tags
mitre-attack crawled web-source +1 more
APT18
High

APT18 is a threat group that has operated since at least 2009 and has targeted a range of industries, including technolo…

Type APT
Confidence
100%
MITRE Techniques 11 techniques
Tags
mitre-attack crawled web-source +1 more
APT19
High

APT19 is a Chinese-based threat group that has targeted a variety of industries, including defense, finance, energy, pha…

Type APT
Confidence
100%
MITRE Techniques 18 techniques
Tags
mitre-attack crawled web-source +1 more
APT28
High

APT28 is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main…

Type APT
Confidence
100%
MITRE Techniques 77 techniques
Tags
mitre-attack crawled web-source +1 more
APT29
High

APT29 is a threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).[1][2] They have operated s…

Type APT
Confidence
100%
MITRE Techniques 72 techniques
Tags
mitre-attack crawled web-source +1 more
APT3
High

APT3 is a China-based threat group that researchers have attributed to China's Ministry of State Security.[1][2] This gro…

Type APT
Confidence
100%
MITRE Techniques 40 techniques
Tags
mitre-attack crawled web-source +1 more
APT30
High

APT30 is a threat group suspected to be associated with the Chinese government. While Naikon shares some characteristics w…

Type APT
Confidence
100%
MITRE Techniques 2 techniques
Tags
mitre-attack crawled web-source +1 more
APT32
High

APT32 is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multipl…

Type APT
Confidence
100%
MITRE Techniques 55 techniques
Tags
mitre-attack crawled web-source +1 more
APT33
High

APT33 is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted or…

Type APT
Confidence
100%
MITRE Techniques 26 techniques
Tags
mitre-attack crawled web-source +1 more
APT34
High
Type APT
Confidence
90%
Tags
mitre-attack stix-2.1 intrusion-set
APT37
High

APT37 is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has ta…

Type APT
Confidence
100%
MITRE Techniques 25 techniques
Tags
mitre-attack crawled web-source +1 more
APT38
High

[APT38](https://attack.mitre.org/groups/G0082) is a North Korean state-sponsored threat group that specializes in finan…

Type APT
Confidence
90%
Aliases
APT38 NICKEL GLADSTONE BeagleBoyz +4 more
MITRE Techniques 56 techniques
Tags
mitre-attack stix-2.1 intrusion-set
APT39
High

[APT39](https://attack.mitre.org/groups/G0087) is one of several names for cyber espionage activity conducted by the Ir…

Type APT
Confidence
90%
Aliases
APT39 ITG07 Chafer +1 more
MITRE Techniques 53 techniques
Tags
mitre-attack stix-2.1 intrusion-set
APT41
High

[APT41](https://attack.mitre.org/groups/G0096) is a threat group that researchers have assessed as Chinese state-sponso…

Type APT
Confidence
90%
Aliases
APT41 Wicked Panda Brass Typhoon +1 more
MITRE Techniques 82 techniques
Tags
mitre-attack stix-2.1 intrusion-set
APT42
High

[APT42](https://attack.mitre.org/groups/G1044) is an Iranian-sponsored threat group that conducts cyber espionage and s…

Type APT
Confidence
90%
Aliases
APT42
MITRE Techniques 31 techniques
Tags
mitre-attack stix-2.1 intrusion-set
APT5
High

[APT5](https://attack.mitre.org/groups/G1023) is a China-based espionage actor that has been active since at least 2007…

Type APT
Confidence
90%
Aliases
APT5 Mulberry Typhoon MANGANESE +3 more
MITRE Techniques 29 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Agrius
High

Agrius is an Iranian threat actor active since 2020 notable for a series of ransomware and wiper operations in the Middl…

Type APT
Confidence
100%
MITRE Techniques 20 techniques
Tags
mitre-attack crawled web-source +1 more
Ajax Security Team
High

Ajax Security Team is a group that has been active since at least 2010 and is believed to be operating out of Iran. By 2014…

Type APT
Confidence
100%
MITRE Techniques 5 techniques
Tags
mitre-attack crawled web-source +1 more
Akira
High

Akira is a ransomware variant and ransomware deployment entity active since at least March 2023.[1] Akira uses compromised…

Type APT
Confidence
100%
MITRE Techniques 17 techniques
Tags
mitre-attack crawled web-source +1 more
Andariel
High

Andariel is a North Korean state-sponsored threat group that has been active since at least 2009. Andariel has primarily f…

Type APT
Confidence
100%
MITRE Techniques 12 techniques
Tags
mitre-attack crawled web-source +1 more
Aoqin Dragon
High

Aoqin Dragon is a suspected Chinese cyber espionage threat group that has been active since at least 2013. Aoqin Dragon ha…

Type APT
Confidence
100%
MITRE Techniques 9 techniques
Tags
mitre-attack crawled web-source +1 more
AppleJeus
High

AppleJeus is a North Korean state-sponsored threat group attributed to the Reconnaissance General Bureau. Associated wit…

Type APT
Confidence
100%
MITRE Techniques 20 techniques
Tags
mitre-attack crawled web-source +1 more
Aquatic Panda
High

[Aquatic Panda](https://attack.mitre.org/groups/G0143) is a suspected China-based threat group with a dual mission of i…

Type APT
Confidence
90%
Aliases
Aquatic Panda
MITRE Techniques 35 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Axiom
High

[Axiom](https://attack.mitre.org/groups/G0001) is a suspected Chinese cyber espionage group that has targeted the aeros…

Type APT
Confidence
90%
Aliases
Axiom Group 72
MITRE Techniques 16 techniques
Tags
mitre-attack stix-2.1 intrusion-set
BITTER
High

[BITTER](https://attack.mitre.org/groups/G1002) is a suspected South Asian cyber espionage threat group that has been a…

Type APT
Confidence
90%
Aliases
BITTER T-APT-17
MITRE Techniques 16 techniques
Tags
mitre-attack stix-2.1 intrusion-set
BRONZE BUTLER
High

[BRONZE BUTLER](https://attack.mitre.org/groups/G0060) is a cyber espionage group with likely Chinese origins that has …

Type APT
Confidence
90%
Aliases
BRONZE BUTLER REDBALDKNIGHT Tick
MITRE Techniques 40 techniques
Tags
mitre-attack stix-2.1 intrusion-set
BackdoorDiplomacy
High

[BackdoorDiplomacy](https://attack.mitre.org/groups/G0135) is a cyber espionage threat group that has been active since…

Type APT
Confidence
90%
Aliases
BackdoorDiplomacy
MITRE Techniques 15 techniques
Tags
mitre-attack stix-2.1 intrusion-set
BlackByte
High

[BlackByte](https://attack.mitre.org/groups/G1043) is a ransomware threat actor operating since at least 2021. [BlackBy…

Type APT
Confidence
100%
Aliases
BlackByte Hecamede
MITRE Techniques 49 techniques
Tags
intrusion-set mitre-attack ransomware +2 more
BlackOasis
High

[BlackOasis](https://attack.mitre.org/groups/G0063) is a Middle Eastern threat group that is believed to be a customer …

Type APT
Confidence
90%
Aliases
BlackOasis
MITRE Techniques 1 technique
Tags
mitre-attack stix-2.1 intrusion-set
BlackTech
High

[BlackTech](https://attack.mitre.org/groups/G0098) is a suspected Chinese cyber espionage group that has primarily targ…

Type APT
Confidence
90%
Aliases
BlackTech Palmerworm
MITRE Techniques 14 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Blue Mockingbird
High

[Blue Mockingbird](https://attack.mitre.org/groups/G0108) is a cluster of observed activity involving Monero cryptocurr…

Type APT
Confidence
90%
Aliases
Blue Mockingbird
MITRE Techniques 22 techniques
Tags
mitre-attack stix-2.1 intrusion-set
CURIUM
High

[CURIUM](https://attack.mitre.org/groups/G1012) is an Iranian threat group, first reported in September 2019 and active…

Type APT
Confidence
90%
Aliases
CURIUM Crimson Sandstorm TA456 +2 more
MITRE Techniques 19 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Carbanak
High

[Carbanak](https://attack.mitre.org/groups/G0008) is a cybercriminal group that has used [Carbanak](https://attack.mitr…

Type APT
Confidence
90%
Aliases
Carbanak Anunak
MITRE Techniques 9 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Charming Kitten
High

[Charming Kitten](https://attack.mitre.org/groups/G0058) is an Iranian cyber espionage group that has been active since…

Type APT
Confidence
90%
Aliases
Charming Kitten
Tags
mitre-attack stix-2.1 intrusion-set
Chimera
High

[Chimera](https://attack.mitre.org/groups/G0114) is a suspected China-based threat group that has been active since at …

Type APT
Confidence
90%
Aliases
Chimera
MITRE Techniques 59 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Cinnamon Tempest
High

[Cinnamon Tempest](https://attack.mitre.org/groups/G1021) is a China-based threat group that has been active since at l…

Type APT
Confidence
90%
Aliases
Cinnamon Tempest DEV-0401 Emperor Dragonfly +1 more
MITRE Techniques 19 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Cleaver
High

[Cleaver](https://attack.mitre.org/groups/G0003) is a threat group that has been attributed to Iranian actors and is re…

Type APT
Confidence
90%
Aliases
Cleaver Threat Group 2889 TG-2889
MITRE Techniques 5 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Cobalt Group
High

[Cobalt Group](https://attack.mitre.org/groups/G0080) is a financially motivated threat group that has primarily target…

Type APT
Confidence
90%
Aliases
Cobalt Group GOLD KINGSWOOD Cobalt Gang +1 more
MITRE Techniques 34 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Confucius
High

[Confucius](https://attack.mitre.org/groups/G0142) is a cyber espionage group that has primarily targeted military pers…

Type APT
Confidence
90%
Aliases
Confucius Confucius APT
MITRE Techniques 19 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Contagious Interview
High

[Contagious Interview](https://attack.mitre.org/groups/G1052) is a North Korea–aligned threat group active since 2023. …

Type APT
Confidence
90%
Aliases
Contagious Interview DeceptiveDevelopment Gwisin Gang +4 more
MITRE Techniques 52 techniques
Tags
mitre-attack stix-2.1 intrusion-set
CopyKittens
High

[CopyKittens](https://attack.mitre.org/groups/G0052) is an Iranian cyber espionage group that has been operating since …

Type APT
Confidence
90%
Aliases
CopyKittens
MITRE Techniques 8 techniques
Tags
mitre-attack stix-2.1 intrusion-set
CostaRicto
High

[CostaRicto](https://attack.mitre.org/groups/G0132) is a suspected hacker-for-hire cyber espionage campaign that has ta…

Type APT
Confidence
90%
Aliases
CostaRicto
Tags
mitre-attack stix-2.1 intrusion-set
Daggerfly
High

[Daggerfly](https://attack.mitre.org/groups/G1034) is a People's Republic of China-linked APT entity active since at le…

Type APT
Confidence
90%
Aliases
Daggerfly Evasive Panda BRONZE HIGHLAND
MITRE Techniques 17 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Dark Caracal
High

[Dark Caracal](https://attack.mitre.org/groups/G0070) is a threat group that has been attributed to the Lebanese General …

Type APT
Confidence
90%
Aliases
Dark Caracal
MITRE Techniques 12 techniques
Tags
mitre-attack stix-2.1 intrusion-set
DarkHydrus
High

[DarkHydrus](https://attack.mitre.org/groups/G0079) is a threat group that has targeted government agencies and educati…

Type APT
Confidence
90%
Aliases
DarkHydrus
MITRE Techniques 7 techniques
Tags
mitre-attack stix-2.1 intrusion-set
DarkVishnya
High

[DarkVishnya](https://attack.mitre.org/groups/G0105) is a financially motivated threat actor targeting financial instit…

Type APT
Confidence
90%
Aliases
DarkVishnya
MITRE Techniques 10 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Darkhotel
High

[Darkhotel](https://attack.mitre.org/groups/G0012) is a suspected South Korean threat group that has targeted victims p…

Type APT
Confidence
90%
Aliases
Darkhotel DUBNIUM Zigzag Hail
MITRE Techniques 24 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Deep Panda
High

[Deep Panda](https://attack.mitre.org/groups/G0009) is a suspected Chinese threat group known to target many industries…

Type APT
Confidence
90%
Aliases
Deep Panda Shell Crew WebMasters +3 more
MITRE Techniques 10 techniques
Tags
mitre-attack stix-2.1 intrusion-set
DragonOK
High

[DragonOK](https://attack.mitre.org/groups/G0017) is a threat group that has targeted Japanese organizations with phish…

Type APT
Confidence
90%
Aliases
DragonOK
Tags
mitre-attack stix-2.1 intrusion-set
Dragonfly
High

[Dragonfly](https://attack.mitre.org/groups/G0035) is a cyber espionage group that has been attributed to Russia's Fede…

Type APT
Confidence
90%
Aliases
Dragonfly TEMP.Isotope DYMALLOY +7 more
MITRE Techniques 56 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Dragonfly 2.0
High

[Dragonfly 2.0](https://attack.mitre.org/groups/G0074) is a suspected Russian group that has targeted government entiti…

Type APT
Confidence
90%
Aliases
Dragonfly 2.0 IRON LIBERTY DYMALLOY +1 more
Tags
mitre-attack stix-2.1 intrusion-set
Dust Storm
High

[Dust Storm](https://attack.mitre.org/groups/G0031) is a threat group that has targeted multiple industries in Japan, S…

Type APT
Confidence
90%
Aliases
Dust Storm
Tags
mitre-attack stix-2.1 intrusion-set
EXOTIC LILY
High

[EXOTIC LILY](https://attack.mitre.org/groups/G1011) is a financially motivated group that has been closely linked with…

Type APT
Confidence
90%
Aliases
EXOTIC LILY
MITRE Techniques 15 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Earth Lusca
High

[Earth Lusca](https://attack.mitre.org/groups/G1006) is a suspected China-based cyber espionage group that has been act…

Type APT
Confidence
90%
Aliases
Earth Lusca TAG-22 Charcoal Typhoon +2 more
MITRE Techniques 44 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Elderwood
High

[Elderwood](https://attack.mitre.org/groups/G0066) is a suspected Chinese cyber espionage group that was reportedly res…

Type APT
Confidence
90%
Aliases
Elderwood Elderwood Gang Beijing Group +1 more
MITRE Techniques 9 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Ember Bear
High

[Ember Bear](https://attack.mitre.org/groups/G1003) is a Russian state-sponsored cyber espionage group that has been ac…

Type APT
Confidence
90%
Aliases
Ember Bear UNC2589 Bleeding Bear +4 more
MITRE Techniques 48 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Equation
High

[Equation](https://attack.mitre.org/groups/G0020) is a sophisticated threat group that employs multiple remote access t…

Type APT
Confidence
90%
Aliases
Equation
MITRE Techniques 4 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Evilnum
High

[Evilnum](https://attack.mitre.org/groups/G0120) is a financially motivated threat group that has been active since at …

Type APT
Confidence
90%
Aliases
Evilnum
MITRE Techniques 11 techniques
Tags
mitre-attack stix-2.1 intrusion-set
FIN10
High

[FIN10](https://attack.mitre.org/groups/G0051) is a financially motivated threat group that has targeted organizations …

Type APT
Confidence
90%
Aliases
FIN10
MITRE Techniques 11 techniques
Tags
mitre-attack stix-2.1 intrusion-set
FIN13
High

[FIN13](https://attack.mitre.org/groups/G1016) is a financially motivated cyber threat group that has targeted the fina…

Type APT
Confidence
90%
Aliases
FIN13 Elephant Beetle
MITRE Techniques 53 techniques
Tags
mitre-attack stix-2.1 intrusion-set
FIN4
High

[FIN4](https://attack.mitre.org/groups/G0085) is a financially-motivated threat group that has targeted confidential in…

Type APT
Confidence
90%
Aliases
FIN4
MITRE Techniques 12 techniques
Tags
mitre-attack stix-2.1 intrusion-set
FIN5
High

[FIN5](https://attack.mitre.org/groups/G0053) is a financially motivated threat group that has targeted personally iden…

Type APT
Confidence
90%
Aliases
FIN5
MITRE Techniques 11 techniques
Tags
mitre-attack stix-2.1 intrusion-set
FIN6
High

[FIN6](https://attack.mitre.org/groups/G0037) is a cyber crime group that has stolen payment card data and sold it for …

Type APT
Confidence
90%
Aliases
FIN6 Magecart Group 6 ITG08 +3 more
MITRE Techniques 40 techniques
Tags
mitre-attack stix-2.1 intrusion-set
FIN7
High

[FIN7](https://attack.mitre.org/groups/G0046) is a financially-motivated threat group that has been active since 2013. …

Type APT
Confidence
90%
Aliases
FIN7 GOLD NIAGARA ITG14 +3 more
MITRE Techniques 67 techniques
Tags
mitre-attack stix-2.1 intrusion-set
FIN8
High

[FIN8](https://attack.mitre.org/groups/G0061) is a financially motivated threat group that has been active since at lea…

Type APT
Confidence
90%
Aliases
FIN8 Syssphinx
MITRE Techniques 36 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Ferocious Kitten
High

[Ferocious Kitten](https://attack.mitre.org/groups/G0137) is a threat group that has primarily targeted Persian-speakin…

Type APT
Confidence
90%
Aliases
Ferocious Kitten
MITRE Techniques 6 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Fox Kitten
High

[Fox Kitten](https://attack.mitre.org/groups/G0117) is a threat actor with a suspected nexus to the Iranian government th…

Type APT
Confidence
90%
Aliases
Fox Kitten UNC757 Parisite +3 more
MITRE Techniques 41 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Frankenstein
High

[Frankenstein](https://attack.mitre.org/groups/G0101) is a campaign carried out between January and April 2019 by unkno…

Type APT
Confidence
90%
Aliases
Frankenstein
Tags
mitre-attack stix-2.1 intrusion-set
GALLIUM
High

[GALLIUM](https://attack.mitre.org/groups/G0093) is a cyberespionage group that has been active since at least 2012, pr…

Type APT
Confidence
90%
Aliases
GALLIUM Granite Typhoon
MITRE Techniques 31 techniques
Tags
mitre-attack stix-2.1 intrusion-set
GCMAN
High

[GCMAN](https://attack.mitre.org/groups/G0036) is a threat group that focuses on targeting banks for the purpose of tra…

Type APT
Confidence
90%
Aliases
GCMAN
MITRE Techniques 2 techniques
Tags
mitre-attack stix-2.1 intrusion-set
GOLD SOUTHFIELD
High

[GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) is a financially motivated threat group active since at least …

Type APT
Confidence
90%
Aliases
GOLD SOUTHFIELD Pinchy Spider
MITRE Techniques 9 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Gallmaker
High

[Gallmaker](https://attack.mitre.org/groups/G0084) is a cyberespionage group that has targeted victims in the Middle Ea…

Type APT
Confidence
90%
Aliases
Gallmaker
MITRE Techniques 6 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Gamaredon Group
High

[Gamaredon Group](https://attack.mitre.org/groups/G0047) is a suspected Russian cyber espionage group that has targeted…

Type APT
Confidence
90%
Aliases
Gamaredon Group IRON TILDEN Primitive Bear +5 more
MITRE Techniques 70 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Gelsemium
High

[Gelsemium](https://attack.mitre.org/groups/G0141) is a cyberespionage group that has been active since at least 2014, …

Type APT
Confidence
90%
Aliases
Gelsemium
Tags
mitre-attack stix-2.1 intrusion-set
Gorgon Group
High

[Gorgon Group](https://attack.mitre.org/groups/G0078) is a threat group consisting of members who are suspected to be P…

Type APT
Confidence
90%
Aliases
Gorgon Group
MITRE Techniques 16 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Group5
High

[Group5](https://attack.mitre.org/groups/G0043) is a threat group with a suspected Iranian nexus, though this attributi…

Type APT
Confidence
90%
Aliases
Group5
MITRE Techniques 4 techniques
Tags
mitre-attack stix-2.1 intrusion-set
HAFNIUM
High

[HAFNIUM](https://attack.mitre.org/groups/G0125) is a likely state-sponsored cyber espionage group operating out of Chi…

Type APT
Confidence
90%
Aliases
HAFNIUM Operation Exchange Marauder Silk Typhoon
MITRE Techniques 44 techniques
Tags
mitre-attack stix-2.1 intrusion-set
HEXANE
High

[HEXANE](https://attack.mitre.org/groups/G1001) is a cyber espionage threat group that has targeted oil & gas, telecomm…

Type APT
Confidence
90%
Aliases
HEXANE Lyceum Siamesekitten +1 more
MITRE Techniques 36 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Higaisa
High

[Higaisa](https://attack.mitre.org/groups/G0126) is a threat group suspected to have South Korean origins. [Higaisa](ht…

Type APT
Confidence
90%
Aliases
Higaisa
MITRE Techniques 28 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Honeybee
High

[Honeybee](https://attack.mitre.org/groups/G0072) is a campaign led by an unknown actor that targets humanitarian aid o…

Type APT
Confidence
90%
Aliases
Honeybee
Tags
mitre-attack stix-2.1 intrusion-set
INC Ransom
High

[INC Ransom](https://attack.mitre.org/groups/G1032) is a ransomware and data extortion threat group associated with the…

Type APT
Confidence
90%
Aliases
INC Ransom GOLD IONIC
MITRE Techniques 25 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Inception
High

[Inception](https://attack.mitre.org/groups/G0100) is a cyber espionage group active since at least 2014. The group has…

Type APT
Confidence
90%
Aliases
Inception Inception Framework Cloud Atlas
MITRE Techniques 22 techniques
Tags
mitre-attack stix-2.1 intrusion-set
IndigoZebra
High

[IndigoZebra](https://attack.mitre.org/groups/G0136) is a suspected Chinese cyber espionage group that has been targeti…

Type APT
Confidence
90%
Aliases
IndigoZebra
MITRE Techniques 7 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Indrik Spider
High

[Indrik Spider](https://attack.mitre.org/groups/G0119) is a Russia-based cybercriminal group that has been active since…

Type APT
Confidence
90%
Aliases
Indrik Spider Evil Corp Manatee Tempest +2 more
MITRE Techniques 33 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Ke3chang
High

[Ke3chang](https://attack.mitre.org/groups/G0004) is a threat group attributed to actors operating out of China. [Ke3ch…

Type APT
Confidence
90%
Aliases
Ke3chang APT15 Mirage +6 more
MITRE Techniques 46 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Kimsuky
High

[Kimsuky](https://attack.mitre.org/groups/G0094) is a North Korea-based cyber espionage group that has been active sinc…

Type APT
Confidence
90%
Aliases
Kimsuky Black Banshee Velvet Chollima +5 more
MITRE Techniques 109 techniques
Tags
mitre-attack stix-2.1 intrusion-set
LAPSUS$
High

[LAPSUS$](https://attack.mitre.org/groups/G1004) is a cyber criminal threat group that has been active since at least mid…

Type APT
Confidence
100%
Aliases
DEV-0537 LAPSUS$ Strawberry Tempest
MITRE Techniques 43 techniques
Tags
intrusion-set mitre-attack ransomware +2 more
Lazarus Group
High

[Lazarus Group](https://attack.mitre.org/groups/G0032) is a North Korean state-sponsored cyber threat group attributed …

Type APT
Confidence
90%
Aliases
Lazarus Group Labyrinth Chollima HIDDEN COBRA +4 more
MITRE Techniques 93 techniques
Tags
mitre-attack stix-2.1 intrusion-set
LazyScripter
High

[LazyScripter](https://attack.mitre.org/groups/G0140) is a threat group that has mainly targeted the airlines industry si…

Type APT
Confidence
90%
Aliases
LazyScripter
MITRE Techniques 20 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Leafminer
High

[Leafminer](https://attack.mitre.org/groups/G0077) is an Iranian threat group that has targeted government organization…

Type APT
Confidence
90%
Aliases
Leafminer Raspite
MITRE Techniques 17 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Leviathan
High

[Leviathan](https://attack.mitre.org/groups/G0065) is a Chinese state-sponsored cyber espionage group that has been att…

Type APT
Confidence
90%
Aliases
Leviathan MUDCARP Kryptonite Panda +6 more
MITRE Techniques 50 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Lotus Blossom
High

[Lotus Blossom](https://attack.mitre.org/groups/G0030) is a long-standing threat group largely targeting various entiti…

Type APT
Confidence
90%
Aliases
Lotus Blossom DRAGONFISH Spring Dragon +4 more
MITRE Techniques 21 techniques
Tags
mitre-attack stix-2.1 intrusion-set
LuminousMoth
High

[LuminousMoth](https://attack.mitre.org/groups/G1014) is a Chinese-speaking cyber espionage group that has been active …

Type APT
Confidence
90%
Aliases
LuminousMoth
MITRE Techniques 28 techniques
Tags
mitre-attack stix-2.1 intrusion-set
MONSOON
High
Type APT
Confidence
90%
Tags
mitre-attack stix-2.1 intrusion-set
Machete
High

[Machete](https://attack.mitre.org/groups/G0095) is a suspected Spanish-speaking cyber espionage group that has been ac…

Type APT
Confidence
90%
Aliases
Machete APT-C-43 El Machete
MITRE Techniques 11 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Magic Hound
High

[Magic Hound](https://attack.mitre.org/groups/G0059) is an Iranian-sponsored threat group that conducts long term, reso…

Type APT
Confidence
90%
Aliases
Magic Hound TA453 COBALT ILLUSION +6 more
MITRE Techniques 79 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Malteiro
High

[Malteiro](https://attack.mitre.org/groups/G1026) is a financially motivated criminal group that is likely based in Bra…

Type APT
Confidence
90%
Aliases
Malteiro
MITRE Techniques 12 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Medusa Group
High

[Medusa Group](https://attack.mitre.org/groups/G1051) has been active since at least 2021 and was initially operated as…

Type APT
Confidence
90%
Aliases
Medusa Group
MITRE Techniques 57 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Metador
High

[Metador](https://attack.mitre.org/groups/G1013) is a suspected cyber espionage group that was first reported in Septem…

Type APT
Confidence
90%
Aliases
Metador
MITRE Techniques 9 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Moafee
High

[Moafee](https://attack.mitre.org/groups/G0002) is a threat group that appears to operate from the Guangdong Province of…

Type APT
Confidence
90%
Aliases
Moafee
MITRE Techniques 1 technique
Tags
mitre-attack stix-2.1 intrusion-set
Mofang
High

[Mofang](https://attack.mitre.org/groups/G0103) is a likely China-based cyber espionage group, named for its frequent p…

Type APT
Confidence
90%
Aliases
Mofang
MITRE Techniques 6 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Molerats
High

[Molerats](https://attack.mitre.org/groups/G0021) is an Arabic-speaking, politically-motivated threat group that has be…

Type APT
Confidence
90%
Aliases
Molerats Operation Molerats Gaza Cybergang
MITRE Techniques 16 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Moonstone Sleet
High

[Moonstone Sleet](https://attack.mitre.org/groups/G1036) is a North Korean-linked threat actor executing both financial…

Type APT
Confidence
90%
Aliases
Moonstone Sleet Storm-1789
MITRE Techniques 30 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Moses Staff
High

[Moses Staff](https://attack.mitre.org/groups/G1009) is a suspected Iranian threat group that has primarily targeted Is…

Type APT
Confidence
90%
Aliases
Moses Staff DEV-0500 Marigold Sandstorm
MITRE Techniques 12 techniques
Tags
mitre-attack stix-2.1 intrusion-set
MoustachedBouncer
High

[MoustachedBouncer](https://attack.mitre.org/groups/G1019) is a cyberespionage group that has been active since at leas…

Type APT
Confidence
90%
Aliases
MoustachedBouncer
MITRE Techniques 8 techniques
Tags
mitre-attack stix-2.1 intrusion-set
MuddyWater
High

[MuddyWater](https://attack.mitre.org/groups/G0069) is a cyber espionage group assessed to be a subordinate element wit…

Type APT
Confidence
90%
Aliases
MuddyWater Earth Vetala MERCURY +5 more
MITRE Techniques 58 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Mustang Panda
High

[Mustang Panda](https://attack.mitre.org/groups/G0129) is a China-based cyber espionage threat actor that has been cond…

Type APT
Confidence
90%
Aliases
Mustang Panda TA416 RedDelta +12 more
MITRE Techniques 85 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Mustard Tempest
High

[Mustard Tempest](https://attack.mitre.org/groups/G1020) is an initial access broker that has operated the [SocGholish]…

Type APT
Confidence
90%
Aliases
Mustard Tempest DEV-0206 TA569 +2 more
MITRE Techniques 12 techniques
Tags
mitre-attack stix-2.1 intrusion-set
NEODYMIUM
High

[NEODYMIUM](https://attack.mitre.org/groups/G0055) is an activity group that conducted a campaign in May 2016 and has h…

Type APT
Confidence
90%
Aliases
NEODYMIUM
Tags
mitre-attack stix-2.1 intrusion-set
Naikon
High

[Naikon](https://attack.mitre.org/groups/G0019) is assessed to be a state-sponsored cyber espionage group attributed to…

Type APT
Confidence
90%
Aliases
Naikon
MITRE Techniques 14 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Night Dragon
High

[Night Dragon](https://attack.mitre.org/groups/G0014) is a campaign name for activity involving a threat group that has…

Type APT
Confidence
90%
Aliases
Night Dragon
Tags
mitre-attack stix-2.1 intrusion-set
Nomadic Octopus
High

[Nomadic Octopus](https://attack.mitre.org/groups/G0133) is a Russian-speaking cyber espionage threat group that has p…

Type APT
Confidence
90%
Aliases
Nomadic Octopus DustSquad
MITRE Techniques 7 techniques
Tags
mitre-attack stix-2.1 intrusion-set
OilRig
High

[OilRig](https://attack.mitre.org/groups/G0049) is a suspected Iranian threat group that has targeted Middle Eastern an…

Type APT
Confidence
90%
Aliases
OilRig COBALT GYPSY IRN2 +9 more
MITRE Techniques 76 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Operation Wocao
High

[Operation Wocao](https://attack.mitre.org/groups/G0116) described activities carried out by a China-based cyber espion…

Type APT
Confidence
90%
Aliases
Operation Wocao
Tags
mitre-attack stix-2.1 intrusion-set
Orangeworm
High

[Orangeworm](https://attack.mitre.org/groups/G0071) is a group that has targeted organizations in the healthcare sector…

Type APT
Confidence
90%
Aliases
Orangeworm
MITRE Techniques 2 techniques
Tags
mitre-attack stix-2.1 intrusion-set
PLATINUM
High

[PLATINUM](https://attack.mitre.org/groups/G0068) is an activity group that has targeted victims since at least 2009. T…

Type APT
Confidence
90%
Aliases
PLATINUM
MITRE Techniques 11 techniques
Tags
mitre-attack stix-2.1 intrusion-set
POLONIUM
High

[POLONIUM](https://attack.mitre.org/groups/G1005) is a Lebanon-based group that has primarily targeted Israeli organiza…

Type APT
Confidence
90%
Aliases
POLONIUM Plaid Rain
MITRE Techniques 7 techniques
Tags
mitre-attack stix-2.1 intrusion-set
PROMETHIUM
High

[PROMETHIUM](https://attack.mitre.org/groups/G0056) is an activity group focused on espionage that has been active sinc…

Type APT
Confidence
90%
Aliases
PROMETHIUM StrongPity
MITRE Techniques 11 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Patchwork
High

[Patchwork](https://attack.mitre.org/groups/G0040) is a cyber espionage group that was first observed in December 2015.…

Type APT
Confidence
90%
Aliases
Patchwork Hangover Group Dropping Elephant +3 more
MITRE Techniques 41 techniques
Tags
mitre-attack stix-2.1 intrusion-set
PittyTiger
High

[PittyTiger](https://attack.mitre.org/groups/G0011) is a threat group believed to operate out of China that uses multip…

Type APT
Confidence
90%
Aliases
PittyTiger
MITRE Techniques 2 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Play
High

[Play](https://attack.mitre.org/groups/G1040) is a ransomware group that has been active since at least 2022 deploying …

Type APT
Confidence
100%
Aliases
Play
MITRE Techniques 26 techniques
Tags
intrusion-set mitre-attack ransomware +2 more
Poseidon Group
High

[Poseidon Group](https://attack.mitre.org/groups/G0033) is a Portuguese-speaking threat group that has been active sinc…

Type APT
Confidence
90%
Aliases
Poseidon Group
MITRE Techniques 8 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Putter Panda
High

[Putter Panda](https://attack.mitre.org/groups/G0024) is a Chinese threat group that has been attributed to Unit 61486 …

Type APT
Confidence
90%
Aliases
Putter Panda APT2 MSUpdater
MITRE Techniques 4 techniques
Tags
mitre-attack stix-2.1 intrusion-set
RTM
High

[RTM](https://attack.mitre.org/groups/G0048) is a cybercriminal group that has been active since at least 2015 and is p…

Type APT
Confidence
90%
Aliases
RTM
MITRE Techniques 7 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Rancor
High

[Rancor](https://attack.mitre.org/groups/G0075) is a threat group that has led targeted campaigns against the South Eas…

Type APT
Confidence
90%
Aliases
Rancor
MITRE Techniques 9 techniques
Tags
mitre-attack stix-2.1 intrusion-set
RedCurl
High

[RedCurl](https://attack.mitre.org/groups/G1039) is a threat actor active since 2018 notable for corporate espionage ta…

Type APT
Confidence
90%
Aliases
RedCurl
MITRE Techniques 41 techniques
Tags
mitre-attack stix-2.1 intrusion-set
RedEcho
High

[RedEcho](https://attack.mitre.org/groups/G1042) is a People’s Republic of China-related threat actor associated with l…

Type APT
Confidence
90%
Aliases
RedEcho
MITRE Techniques 5 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Rocke
High

[Rocke](https://attack.mitre.org/groups/G0106) is an alleged Chinese-speaking adversary whose primary objective appeare…

Type APT
Confidence
90%
Aliases
Rocke
MITRE Techniques 36 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Saint Bear
High

[Saint Bear](https://attack.mitre.org/groups/G1031) is a Russian-nexus threat actor active since early 2021, primarily …

Type APT
Confidence
90%
Aliases
Saint Bear Storm-0587 TA471 +2 more
MITRE Techniques 18 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Salt Typhoon
High

[Salt Typhoon](https://attack.mitre.org/groups/G1045) is a People's Republic of China (PRC) state-backed actor that has…

Type APT
Confidence
90%
Aliases
Salt Typhoon
MITRE Techniques 14 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Sandworm Team
High

[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia…

Type APT
Confidence
90%
Aliases
Sandworm Team ELECTRUM Telebots +8 more
MITRE Techniques 79 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Scarlet Mimic
High

[Scarlet Mimic](https://attack.mitre.org/groups/G0029) is a threat group that has targeted minority rights activists. T…

Type APT
Confidence
90%
Aliases
Scarlet Mimic
MITRE Techniques 1 technique
Tags
mitre-attack stix-2.1 intrusion-set
Scattered Spider
High

[Scattered Spider](https://attack.mitre.org/groups/G1015) is a native English-speaking cybercriminal group active since…

Type APT
Confidence
90%
Aliases
Scattered Spider Roasted 0ktapus Octo Tempest +2 more
MITRE Techniques 64 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Sea Turtle
High

[Sea Turtle](https://attack.mitre.org/groups/G1041) is a Türkiye-linked threat actor active since at least 2017 perform…

Type APT
Confidence
90%
Aliases
Sea Turtle Teal Kurma Marbled Dust +2 more
MITRE Techniques 27 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Sharpshooter
High

Operation [Sharpshooter](https://attack.mitre.org/groups/G0104) is the name of a cyber espionage campaign discovered in…

Type APT
Confidence
90%
Aliases
Sharpshooter
Tags
mitre-attack stix-2.1 intrusion-set
SideCopy
High

[SideCopy](https://attack.mitre.org/groups/G1008) is a Pakistani threat group that has primarily targeted South Asian c…

Type APT
Confidence
90%
Aliases
SideCopy
MITRE Techniques 16 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Sidewinder
High

[Sidewinder](https://attack.mitre.org/groups/G0121) is a suspected Indian threat actor group that has been active since…

Type APT
Confidence
90%
Aliases
Sidewinder T-APT-04 Rattlesnake
MITRE Techniques 30 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Silence
High

[Silence](https://attack.mitre.org/groups/G0091) is a financially motivated threat actor targeting financial institutio…

Type APT
Confidence
90%
Aliases
Silence Whisper Spider
MITRE Techniques 28 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Silent Librarian
High

[Silent Librarian](https://attack.mitre.org/groups/G0122) is a group that has targeted research and proprietary data at…

Type APT
Confidence
90%
Aliases
Silent Librarian TA407 COBALT DICKENS
MITRE Techniques 13 techniques
Tags
mitre-attack stix-2.1 intrusion-set
SilverTerrier
High

[SilverTerrier](https://attack.mitre.org/groups/G0083) is a Nigerian threat group that has been seen active since 2014.…

Type APT
Confidence
90%
Aliases
SilverTerrier
MITRE Techniques 4 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Sowbug
High

[Sowbug](https://attack.mitre.org/groups/G0054) is a threat group that has conducted targeted attacks against organizat…

Type APT
Confidence
90%
Aliases
Sowbug
MITRE Techniques 9 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Star Blizzard
High

[Star Blizzard](https://attack.mitre.org/groups/G1033) is a cyber espionage and influence group originating in Russia t…

Type APT
Confidence
90%
Aliases
Star Blizzard SEABORGIUM Callisto Group +2 more
MITRE Techniques 19 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Stealth Falcon
High

[Stealth Falcon](https://attack.mitre.org/groups/G0038) is a threat group that has conducted targeted spyware attacks a…

Type APT
Confidence
90%
Aliases
Stealth Falcon
MITRE Techniques 16 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Stolen Pencil
High

[Stolen Pencil](https://attack.mitre.org/groups/G0086) is a threat group likely originating from DPRK that has been act…

Type APT
Confidence
90%
Aliases
Stolen Pencil
Tags
mitre-attack stix-2.1 intrusion-set
Storm-0501
High

[Storm-0501](https://attack.mitre.org/groups/G1053) is a financially motivated cyber criminal group that uses commodity…

Type APT
Confidence
90%
Aliases
Storm-0501
MITRE Techniques 42 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Storm-1811
High

[Storm-1811](https://attack.mitre.org/groups/G1046) is a financially-motivated entity linked to [Black Basta](https://a…

Type APT
Confidence
90%
Aliases
Storm-1811
MITRE Techniques 31 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Strider
High

[Strider](https://attack.mitre.org/groups/G0041) is a threat group that has been active since at least 2011 and has tar…

Type APT
Confidence
90%
Aliases
Strider ProjectSauron
MITRE Techniques 3 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Suckfly
High

[Suckfly](https://attack.mitre.org/groups/G0039) is a China-based threat group that has been active since at least 2014…

Type APT
Confidence
90%
Aliases
Suckfly
MITRE Techniques 5 techniques
Tags
mitre-attack stix-2.1 intrusion-set
TA2541
High

[TA2541](https://attack.mitre.org/groups/G1018) is a cybercriminal group that has been targeting the aviation, aerospac…

Type APT
Confidence
90%
Aliases
TA2541
MITRE Techniques 28 techniques
Tags
mitre-attack stix-2.1 intrusion-set
TA459
High

[TA459](https://attack.mitre.org/groups/G0062) is a threat group believed to operate out of China that has targeted cou…

Type APT
Confidence
90%
Aliases
TA459
MITRE Techniques 5 techniques
Tags
mitre-attack stix-2.1 intrusion-set
TA505
High

[TA505](https://attack.mitre.org/groups/G0092) is a cyber criminal group that has been active since at least 2014. [TA5…

Type APT
Confidence
90%
Aliases
TA505 Hive0065 Spandex Tempest +1 more
MITRE Techniques 34 techniques
Tags
mitre-attack stix-2.1 intrusion-set
TA551
High

[TA551](https://attack.mitre.org/groups/G0127) is a financially-motivated threat group that has been active since at le…

Type APT
Confidence
90%
Aliases
TA551 GOLD CABIN Shathak
MITRE Techniques 14 techniques
Tags
mitre-attack stix-2.1 intrusion-set
TA577
High

[TA577](https://attack.mitre.org/groups/G1037) is an initial access broker (IAB) that has distributed [QakBot](https://…

Type APT
Confidence
90%
Aliases
TA577
MITRE Techniques 6 techniques
Tags
mitre-attack stix-2.1 intrusion-set
TA578
High

[TA578](https://attack.mitre.org/groups/G1038) is a threat actor that has used contact forms and email to initiate comm…

Type APT
Confidence
90%
Aliases
TA578
MITRE Techniques 4 techniques
Tags
mitre-attack stix-2.1 intrusion-set
TEMP.Veles
High

[TEMP.Veles](https://attack.mitre.org/groups/G0088) is a Russia-based threat group that has targeted critical infrastru…

Type APT
Confidence
90%
Aliases
TEMP.Veles XENOTIME
Tags
mitre-attack stix-2.1 intrusion-set
Taidoor
High

[Taidoor](https://attack.mitre.org/groups/G0015) has been deprecated, as the only technique it was linked to was deprec…

Type APT
Confidence
90%
Aliases
Taidoor
Tags
mitre-attack stix-2.1 intrusion-set
TeamTNT
High

[TeamTNT](https://attack.mitre.org/groups/G0139) is a threat group that has primarily targeted cloud and containerized …

Type APT
Confidence
90%
Aliases
TeamTNT
MITRE Techniques 56 techniques
Tags
mitre-attack stix-2.1 intrusion-set
The White Company
High

[The White Company](https://attack.mitre.org/groups/G0089) is a likely state-sponsored threat actor with advanced capab…

Type APT
Confidence
90%
Aliases
The White Company
MITRE Techniques 7 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Threat Group-1314
High

[Threat Group-1314](https://attack.mitre.org/groups/G0028) is an unattributed threat group that has used compromised cr…

Type APT
Confidence
90%
Aliases
Threat Group-1314 TG-1314
MITRE Techniques 4 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Threat Group-3390
High

[Threat Group-3390](https://attack.mitre.org/groups/G0027) is a Chinese threat group that has extensively used strategi…

Type APT
Confidence
90%
Aliases
Threat Group-3390 Earth Smilodon TG-3390 +6 more
MITRE Techniques 57 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Thrip
High

[Thrip](https://attack.mitre.org/groups/G0076) is an espionage group that has targeted satellite communications, teleco…

Type APT
Confidence
90%
Aliases
Thrip
MITRE Techniques 4 techniques
Tags
mitre-attack stix-2.1 intrusion-set
ToddyCat
High

[ToddyCat](https://attack.mitre.org/groups/G1022) is a sophisticated threat group that has been active since at least 2…

Type APT
Confidence
90%
Aliases
ToddyCat
MITRE Techniques 25 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Tonto Team
High

[Tonto Team](https://attack.mitre.org/groups/G0131) is a suspected Chinese state-sponsored cyber espionage threat group…

Type APT
Confidence
90%
Aliases
Tonto Team Earth Akhlut BRONZE HUNTLEY +2 more
MITRE Techniques 15 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Transparent Tribe
High

[Transparent Tribe](https://attack.mitre.org/groups/G0134) is a suspected Pakistan-based threat group that has been act…

Type APT
Confidence
90%
Aliases
Transparent Tribe COPPER FIELDSTONE APT36 +2 more
MITRE Techniques 14 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Tropic Trooper
High

[Tropic Trooper](https://attack.mitre.org/groups/G0081) is an unaffiliated threat group that has led targeted campaigns…

Type APT
Confidence
90%
Aliases
Tropic Trooper Pirate Panda KeyBoy
MITRE Techniques 40 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Turla
High

[Turla](https://attack.mitre.org/groups/G0010) is a cyber espionage threat group that has been attributed to Russia's F…

Type APT
Confidence
90%
Aliases
Turla IRON HUNTER Group 88 +7 more
MITRE Techniques 68 techniques
Tags
mitre-attack stix-2.1 intrusion-set
UNC2452
High

[UNC2452](https://attack.mitre.org/groups/G0118) is a suspected Russian state-sponsored threat group responsible for th…

Type APT
Confidence
90%
Aliases
UNC2452 NOBELIUM StellarParticle +1 more
Tags
mitre-attack stix-2.1 intrusion-set
UNC3886
High

[UNC3886](https://attack.mitre.org/groups/G1048) is a China-nexus cyberespionage group that has been active since at le…

Type APT
Confidence
90%
Aliases
UNC3886
MITRE Techniques 49 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Velvet Ant
High

[Velvet Ant](https://attack.mitre.org/groups/G1047) is a threat actor operating since at least 2021. [Velvet Ant](https…

Type APT
Confidence
90%
Aliases
Velvet Ant
MITRE Techniques 22 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Volatile Cedar
High

[Volatile Cedar](https://attack.mitre.org/groups/G0123) is a Lebanese threat group that has targeted individuals, compa…

Type APT
Confidence
90%
Aliases
Volatile Cedar Lebanese Cedar
MITRE Techniques 5 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Volt Typhoon
High

[Volt Typhoon](https://attack.mitre.org/groups/G1017) is a People's Republic of China (PRC) state-sponsored actor that …

Type APT
Confidence
90%
Aliases
Volt Typhoon BRONZE SILHOUETTE Vanguard Panda +4 more
MITRE Techniques 81 techniques
Tags
mitre-attack stix-2.1 intrusion-set
WIRTE
High

[WIRTE](https://attack.mitre.org/groups/G0090) is a threat group that has been active since at least August 2018. [WIRT…

Type APT
Confidence
90%
Aliases
WIRTE
MITRE Techniques 11 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Water Galura
High

[Water Galura](https://attack.mitre.org/groups/G1050) are the operators of the [Qilin](https://attack.mitre.org/softwar…

Type APT
Confidence
90%
Aliases
Water Galura GOLD FEATHER
MITRE Techniques 3 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Whitefly
High

[Whitefly](https://attack.mitre.org/groups/G0107) is a cyber espionage group that has been operating since at least 201…

Type APT
Confidence
90%
Aliases
Whitefly
MITRE Techniques 9 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Windigo
High

The [Windigo](https://attack.mitre.org/groups/G0124) group has been operating since at least 2011, compromising thousan…

Type APT
Confidence
90%
Aliases
Windigo
MITRE Techniques 7 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Windshift
High

[Windshift](https://attack.mitre.org/groups/G0112) is a threat group that has been active since at least 2017, targetin…

Type APT
Confidence
90%
Aliases
Windshift Bahamut
MITRE Techniques 19 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Winnti Group
High

[Winnti Group](https://attack.mitre.org/groups/G0044) is a threat group with Chinese origins that has been active since…

Type APT
Confidence
90%
Aliases
Winnti Group Blackfly
MITRE Techniques 6 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Winter Vivern
High

Winter Vivern is a group linked to Russian and Belorussian interests active since at least 2020 targeting various Europ…

Type APT
Confidence
90%
Aliases
Winter Vivern TA473 UAC-0114
MITRE Techniques 27 techniques
Tags
mitre-attack stix-2.1 intrusion-set
Wizard Spider
High

[Wizard Spider](https://attack.mitre.org/groups/G0102) is a Russia-based financially motivated threat group originally …

Type APT
Confidence
90%
Aliases
Wizard Spider UNC1878 TEMP.MixMaster +6 more
MITRE Techniques 64 techniques
Tags
mitre-attack stix-2.1 intrusion-set
ZIRCONIUM
High

[ZIRCONIUM](https://attack.mitre.org/groups/G0128) is a threat group operating out of China, active since at least 2017…

Type APT
Confidence
90%
Aliases
ZIRCONIUM APT31 Violet Typhoon
MITRE Techniques 29 techniques
Tags
mitre-attack stix-2.1 intrusion-set
admin@338
High

admin@338 is a China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and …

Type APT
Confidence
100%
MITRE Techniques 12 techniques
Tags
mitre-attack crawled web-source +1 more
apt73
High

A new ransomware group is said to have emerged in mid-April 2024, under the name 'APT73.' It's worth noting that the gr…

Type Cybercriminal
Confidence
100%
Aliases
bashe
Tags
ransomware ransomware.live bashe
avaddon
High

Avaddon is a ransomware malware targeting Windows systems often spread via malicious spam. The first known attack where…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
babuk2
High

Babuk Locker 2.0, also known as Bjorka or SkyWave, after failing to make any profit from selling public databases on fo…

Type Cybercriminal
Confidence
100%
Aliases
Satanlock
Tags
ransomware ransomware.live Satanlock
blacksuit
High

According to Trend Micro, this ransomware has significant code overlap with Royal Ransomware.

Type Cybercriminal
Confidence
100%
MITRE Techniques 17 techniques
Tags
ransomware ransomware.live
cactus
High

The CACTUS ransomware is said to have emerged around March 2023. The group became known for exploiting vulnerabilities …

Type Cybercriminal
Confidence
100%
MITRE Techniques 21 techniques
Tags
ransomware ransomware.live
cloak
High
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
coinbasecartel
High

CoinbaseCartel specializes in data acquisition through system access and strategic partnerships. It focuses exclusively o…

Type Cybercriminal
Confidence
100%
MITRE Techniques 18 techniques
Tags
ransomware ransomware.live
conti
High

Conti is an extremely damaging ransomware due to the speed with which it encrypts data and spreads to other systems. It…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
cuba
High

The Cuba Ransomware, also known as Colddraw Ransomware, was first identified in the threat landscape in 2019 and built …

Type Cybercriminal
Confidence
100%
Aliases
Colddraw
MITRE Techniques 23 techniques
Tags
ransomware ransomware.live Colddraw
devman
High

Former RansomHub and INC Ransom affiliate.

Type Cybercriminal
Confidence
100%
Aliases
Devman 2.0
MITRE Techniques 18 techniques
Tags
ransomware ransomware.live Devman 2.0
dispossessor
High

This is not a ransomware group but a data broker.

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
eldorado
High

In September, the El Dorado ransomware group was rebranded as BlackLock.

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
everest
High

Everest ransom group collects and analyzes information about their victims. They specialize in customer privacy data, f…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
fog
High

Fog, which uses the .flocked extension for encrypted files, was first observed in May in campaigns by Storm-0844, a thr…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
funksec
High
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
handala
High

Not a Ransomware Group

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
hive
High

Hive is a strain of ransomware that was first discovered in June 2021. Hive was designed to be used by Ransomware-as-a-…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
hunters
High

In mid-October 2023, just a few days before the Europol operation, the source code of the Ransomware Hive was sold, alo…

Type Cybercriminal
Confidence
100%
MITRE Techniques 11 techniques
Tags
ransomware ransomware.live
interlock
High
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
killsec
High
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
lockbit5
High
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
lynx
High
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
malas
High
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
menuPass
High

[menuPass](https://attack.mitre.org/groups/G0045) is a threat group that has been active since at least 2006. Individua…

Type APT
Confidence
90%
Aliases
menuPass Cicada POTASSIUM +6 more
MITRE Techniques 46 techniques
Tags
mitre-attack stix-2.1 intrusion-set
meow
High
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
monti
High
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
nightspire
High
Type Cybercriminal
Confidence
100%
MITRE Techniques 35 techniques
Tags
ransomware ransomware.live
noescape
High
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
nova
High

Nova (formerly RALord) is a ransomware-as-a-service (RaaS) group that encrypts victims’ files and uses double-extortion …

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
pysa
High

Mespinosa is ransomware that encrypts files using asymmetric encryption and adds .pysa as the file extension. Accordin…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ragnarlocker
High
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ransomhouse
High
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
raworld
High

RA Group, also known as RA World, first surfaced in April 2023, utilizing a custom variant of the Babuk ransomware.

Type Cybercriminal
Confidence
100%
Aliases
ragroup
Tags
ransomware ransomware.live ragroup
rhysida
High

Rhysida is a ransomware-as-a-service (RaaS) group that emerged in May 2023. The group utilizes a namesake ransomware th…

Type Cybercriminal
Confidence
100%
MITRE Techniques 28 techniques
Tags
ransomware ransomware.live
royal
High

According to Trend Micro, Royal ransomware was first observed in September 2022, and the threat actors behind it are bel…

Type Cybercriminal
Confidence
100%
MITRE Techniques 19 techniques
Tags
ransomware ransomware.live
safepay
High
Type Cybercriminal
Confidence
100%
MITRE Techniques 11 techniques
Tags
ransomware ransomware.live
sarcoma
High
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
silentransomgroup
High

A former Conti team.

Type Cybercriminal
Confidence
100%
Aliases
leakeddata
Tags
ransomware ransomware.live leakeddata
sinobi
High
Type Cybercriminal
Confidence
100%
MITRE Techniques 10 techniques
Tags
ransomware ransomware.live
snatch
High

Snatch is a ransomware which infects victims by rebooting the PC into Safe Mode. Most of the existing security protecti…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
spacebears
High
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
stormous
High
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
thegentlemen
High
Type Cybercriminal
Confidence
100%
MITRE Techniques 32 techniques
Tags
ransomware ransomware.live
toufan
High

Pro-Palestinian Group

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
vicesociety
High

Vice Society ransomware appends the .v-society extension when encrypting Linux machines. Running a leak site on the dar…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
worldleaks
High

World Leaks emerged in January 2025 as a rebrand of the Hunters International ransomware operation, shifting its focus …

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
abyss
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ailock
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
alp-001
Medium

⚠️ The group appears unreliable. Most, if not all, of its alleged victims cannot be verified. WE HAVE DECIDED TO REMOVE…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
alphalocker
Medium
Type Cybercriminal
Confidence
100%
MITRE Techniques 4 techniques
Tags
ransomware ransomware.live
anubis
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
apos
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
arcusmedia
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
argonauts
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
arvinclub
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
avoslocker
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
beast
Medium

Beast is a Ransomware-as-a-service (RaaS) product which provides functionality such as SMB scanning, file encryption, s…

Type Cybercriminal
Confidence
100%
Aliases
GIGAKICK
Tags
ransomware ransomware.live GIGAKICK
benzona
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
blacklock
Medium

BlackLock is a rebranded version of another ransomware group known as Eldorado. It has since become one of the most act…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
blackmatter
Medium

Ransomware-as-a-Service

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
blacknevas
Medium
Type Cybercriminal
Confidence
100%
Aliases
Trial Recovery
Tags
ransomware ransomware.live Trial Recovery
blackshrantac
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
braincipher
Medium

Brain Cipher emerged in July 2024. Both Windows and Linux variants are available. Brain Cipher using the leaked build o…

Type Cybercriminal
Confidence
100%
MITRE Techniques 5 techniques
Tags
ransomware ransomware.live
bravox
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
brotherhood
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
cephalus
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
chaos
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
cheers
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
cicada3301
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ciphbit
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
crazyhunter
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
cryp70n1c0d3
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
crypto24
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
d4rk4rmy
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
daixin
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
dan0n
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
darkleakmarket
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
darkpower
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
darkrace
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
darkside
Medium

The Darkside ransomware group started its operation in August 2020 with a RaaS (Ransomware-as-a-Service) model.…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
darkvault
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
datacarry
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
direwolf
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
donutleaks
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
doppelpaymer
Medium

Doppelpaymer is a ransomware family that encrypts user data and later asks for a ransom in order to restore origi…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
dragonransomware
Medium

Dragon Ransomware promises rapid and customizable ransomware operations for Windows systems. Key features include …

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
dunghill
Medium
Type Cybercriminal
Confidence
100%
Aliases
darkangel
Tags
ransomware ransomware.live darkangel
embargo
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
flocker
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
frag
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
freecivilian
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
genesis
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
global
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
groove
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
gunra
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
hellcat
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
helldown
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
icefire
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
imncrew
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
insomnia
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
j
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
kairos
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
karakurt
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
kawa4096
Medium
Type Cybercriminal
Confidence
100%
Aliases
KaWaLocker
Tags
ransomware ransomware.live KaWaLocker
kelvinsecurity
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
knight
Medium

[Cyclops](group/cyclops) rebrand

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
kraken
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
krybit
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
lamashtu
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
leaktheanalyst
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
lorenz
Medium

Tesorion describes Lorenz as a ransomware with design and implementation flaws, leading to impossible decryption with t…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
losttrust
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
lv
Medium

LV ransomware group main message: "Here are companies which didn't meet consumer data protection obligations. They reje…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
madliberator
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
mallox
Medium

This ransomware uses a combination of different crypto algorithms (ChaCha20, AES-128, Curve25519). The activity of this…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
marketo
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
maze
Medium

The Maze ransomware group is one of the best-known ransomware gangs; they targeted organizations worldwide across many indu…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
medusalocker
Medium

Medusa is a DDoS bot written in .NET 2.0. In its current incarnation its C&C protocol is based on HTTP, while its prede…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
metaencryptor
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
midas
Medium

This malware written in C# is a variant of the Thanos ransomware family and emerged in October 2021 and is obfuscated u…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
mindware
Medium

Ransomware, potential rebranding of win.sfile.

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
moneymessage
Medium
Type Cybercriminal
Confidence
100%
Aliases
ThreatLabz
Tags
ransomware ransomware.live ThreatLabz
morpheus
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
mosesstaff
Medium

Cybereason Nocturnus describes Moses Staff as an Iranian hacker group, first spotted in October 2021. Their motivation …

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
mountlocker
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
nefilim
Medium

According to Vitali Kremez and Michael Gillespie, this ransomware shares much code with Nemty 2.5. A difference is remo…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
netwalker
Medium

The NetWalker ransomware group is operated by the threat actor known as "CIRCUS SPIDER". The NetWalker ransomware was discover…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
nitrogen
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
nokoyawa
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
obscura
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
onyx
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
payload
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
payloadbin
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
payoutsking
Medium
Type Cybercriminal
Confidence
100%
Aliases
Payouts King
Tags
ransomware ransomware.live Payouts King
pear
Medium

Pure Extraction And Ransom (PEAR) Team is the community of highly responsible and strictly disciplined members. We are …

Type Cybercriminal
Confidence
100%
Aliases
Pure Extraction And Ransom
Tags
ransomware ransomware.live Pure Extraction And Ransom
quantum
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
radar
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ralord
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ransomed
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ransomexx
Medium

RansomExx is a ransomware family that targeted multiple companies starting in mid-2020. It shares commonalities with De…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
redransomware
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
revil
Medium

The Sodinokibi ransomware group, also known as REvil (Ransomware Evil), operates under a ransomware-as-a-service (RaaS) model. A…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
sabbath
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
securotrop
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
shinyhunters
Medium
Type Cybercriminal
Confidence
100%
MITRE Techniques 5 techniques
Tags
ransomware ransomware.live
siegedsec
Medium

Not a ransomware group but a hacktivist group that appeared coincidentally days before Russia’s invasion of Ukraine

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
sparta
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
spook
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
suncrypt
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
teamxxx
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
tengu
Medium
Type Cybercriminal
Confidence
100%
MITRE Techniques 10 techniques
Tags
ransomware ransomware.live
termite
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
threeam
Medium

A new Ransomware family identified by the name '3AM' or 'ThreeAM' in September 2023. The ransomware operation was obser…

Type Cybercriminal
Confidence
100%
Aliases
3Am
MITRE Techniques 11 techniques
Tags
ransomware ransomware.live 3Am
tridentlocker
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
trigona
Medium

According to PCrisk, Trigona is ransomware that encrypts files and appends the ._locked extension to filenames. Also, i…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
trinity
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
underground
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
unsafe
Medium

A group which seems to recycle leaks from other ransomware groups

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
vect
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
wannacry
Medium

WannaCry ransomware is a cyber attack that spreads by exploiting vulnerabilities in the Windows operating system. At it…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
warlock
Medium

The Warlock ransomware and operator(s) are believed to be attributed to Storm-2603, a China-based threat actor who is a…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
werewolves
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
weyhro
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
xinglocker
Medium
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
0apt
Low

The group appears unreliable. Most, if not all, of its alleged victims cannot be verified and appear to be randomly sel…

Type Cybercriminal
Confidence
100%
MITRE Techniques 6 techniques
Tags
ransomware ransomware.live
0mega
Low
Type Cybercriminal
Confidence
100%
MITRE Techniques 7 techniques
Tags
ransomware ransomware.live
abrahams_ax
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
adminlocker
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
againstthewest
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
agl0bgvycg
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ako
Low

A Windows ransomware that will run certain tasks to prepare the target system for the encryption of files. MedusaLocker…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
arkana
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
atomsilo
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
auditteam
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
avos
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
aware
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
aztroteam
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
babuk
Low

Babuk Ransomware is a sophisticated ransomware compiled for several platforms. Windows and ARM for Linux are the most u…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
babyduck
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
bert
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
blackout
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
blackshadow
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
blacktor
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
blackwater
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
bluebox
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
bluelocker
Low

Blue Locker targets Pakistan’s vital energy sector, particularly Pakistan Petroleum

Type Cybercriminal
Confidence
100%
MITRE Techniques 15 techniques
Tags
ransomware ransomware.live
bluesky
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
bonacigroup
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
bqtlock
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
chilelocker
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
chort
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
cipherforce
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
contfr
Low

RaaS - Ransomware embedded in a PDF file, to have your victims open or to insert yourself, Windows and Mac, ne fo…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
cooming
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
crosslock
Low
Type Cybercriminal
Confidence
100%
MITRE Techniques 10 techniques
Tags
ransomware ransomware.live
cry0
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
crylock
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
cryptbb
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
cryptnet
Low

According to OALabs, this ransomware has the following features: * Files are encrypted with AES CBC using a generated 2…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
cyclops
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
dagonlocker
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
darkangels
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
darkbit
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
datakeeper
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
dataleak
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
desolator
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
diavol
Low

A ransomware with potential ties to Wizard Spider.

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
donex
Low
Type Cybercriminal
Confidence
100%
MITRE Techniques 33 techniques
Tags
ransomware ransomware.live
dread
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ech0raix
Low

The QNAPCrypt ransomware works similarly to other ransomware, including encrypting all files and delivering a ransom no…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
entropy
Low

Entropy is a ransomware first seen in the first quarter of 2022 and is being used in conjunction with Dridex infection. The ransom…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ep918
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
exitium
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
exorcist
Low

According to PCrisk, Exorcist is a ransomware-type malicious program. Systems infected with this malware experience dat…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
fletchen
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
fsteam
Low

New possible leak site posted to a forum on November 20th, 2022, no victims at present. Unclear if it's for a ransomware…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
gdlockersec
Low

Our team members are from different countries and we are not interested in anything else, we are only interested in dol…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
grief
Low

Doppelpaymer is a ransomware family that encrypts user data and later on it asks for a ransom in order to restore origi…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
hades
Low

According to PCrisk, Hades Locker is an updated version of WildFire Locker ransomware that infiltrates systems and encr…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
haron
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
hellogookie
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
hellokitty
Low

Unit42 states that HelloKitty is a ransomware family that first surfaced at the end of 2020, primarily targeting Window…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
holyghost
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
hotarus
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
insane
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
karma
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
kazu
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
kittykatkrew
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
kryptos
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
kyber
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
la_piovra
Low

ℹ️ La Piovra Ransomware is an exercise of the company Offensive Security (also known as OffSec)

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
lilith
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
linkc
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
lockbit
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
lockbit3_fs
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
lockdata
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
lolnek
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
lunalock
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
m3rx
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
madcat
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
malekteam
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
mamona
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
mbc
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
minteye
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
mogilevich
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ms13089
Low
Type Cybercriminal
Confidence
100%
Aliases
ms13-089
Tags
ransomware ransomware.live ms13-089
mydecryptor
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
n3tworm
Low

N3tw0rm ransomware group is linked to Iran by many security researchers especially for the fact that the group targetin…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
nasirsecurity
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
nemty
Low

Nemty is a ransomware that was discovered in September 2019. Fortinet states that they found it being distributed throu…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
netrunner
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
nevada
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
nightsky
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
noname
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
onepercent
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
orca
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
orion
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
osiris
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
pandora
Low

Pandora ransomware was obtained by vx-underground at 2022-03-14.

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
pay2key
Low

Pay2Key is ransomware that has been used by the threat actor Fox Kitten. The group seems to have been operating since July 2020, ta…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
playboy
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
projectrelic
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
prolock
Low

PwndLocker is a ransomware that was observed in late 2019 and is reported to have been used to target businesses and lo…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
prometheus
Low

Ransomware written in .NET, apparently derived from the codebase of win.hakbit (Thanos) ransomware.

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
promptlock
Low

First known AI-powered ransomware. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
qiulong
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
qlocker
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
rabbithole
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
radiant
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ragnarok
Low

According to Bleeping Computer, the ransomware is used in targeted attacks against unpatched Citrix servers. It exclude…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ramp
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
rancoz
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ranion
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ransombay
Low

Launched on April 24th, 2025 RansomBay is a new project operating under the DragonForce initiative

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ransomcartel
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ransomcortex
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ranstreet
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
ranzy
Low

Ranzy Locker, formerly known as ThunderX. The group hosts a data leak site on the darknet where they post sensitive …

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
raznatovic
Low

RANSOMED.VC aka Raznatovic

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
rebornvc
Low
Type Cybercriminal
Confidence
100%
Aliases
RansomedVC2
Tags
ransomware ransomware.live RansomedVC2
redalert
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
reynolds
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
robinhood
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
rook
Low

According to PCrisk, Rook is ransomware (an updated variant of Babuk) that prevents victims from accessing/opening file…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
rransom
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
runsomewares
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
satanlockv2
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
secp0
Low

Encrypted Extension: .vanhelsing, .vanlocker. Targets Windows Platform only

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
sensayq
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
shadow
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
shadowbyt3$
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
shaoleaks
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
shinysp1d3r
Low

Likely associated with the cybercrime group BlingLibra (ShinyHunters)

Type Cybercriminal
Confidence
100%
Aliases
ShinySpider
Tags
ransomware ransomware.live ShinySpider
sicarii
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
silent
Low

Unlike many other groups, Silent claims to operate with a high level of anonymity and discretion. According to their ow…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
skira
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
slug
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
solidbit
Low

Ransomware, written in .NET.

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
sugar
Low

Ransomware, written in Delphi.

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
synack
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
thegreenbloodgroup
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
timc
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
trisec
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
u-bomb
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
unknown
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
valencialeaks
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
vanhelsing
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
vanirgroup
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
vendetta
Low

Ransomware, which appears to be a rebranding of win.cuba.

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
vfokx
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
walocker
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
x001xs
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
xinof
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
xp95
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
yanluowang
Low

According to PCrisk, Yanluowang is ransomware that encrypts (and renames) files, ends all running processes, stops serv…

Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
yurei
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
zeon
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
zerolockersec
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
zerotolerance
Low
Type Cybercriminal
Confidence
100%
Tags
ransomware ransomware.live
Threat Actor Statistics

518

Total Actors

517

High/Critical