Actors

Name	Aliases	Attribution	Tags	Incidents	Status
🐙 0ktapus	ScatterSwine, UNC3944 (Mandiant), Scattered Spider, Muddled Libra (Unit42)	💰Cybercrime	ExtortionistRansomOps	Twilio incident SIM swapping to serial port abuse Scattered Spider Azure Run abuse Muddled Libra campaigns (2024)	Finalized
8️⃣ 8220 Gang		💰Cybercrime	Cryptojacking	8820 Gang targeting WebLogic 8220 Gang targeting Confluence 8220 Gang exploiting Log4Shell	Finalized
🔤 Abcbot operator		💰Cybercrime	Cryptojacking	Abcbot Huawei Cloud targeting campaign Loggerminer campaign	Stub
📓 Agenda operator	Qilin, Water Galura	💰Cybercrime	RansomOps	Agenda Ransomware Targets ESXi and vCenter Servers	Finalized
🦑 AmberSquid		💰Cybercrime	Cryptojacking	AmberSquid campaign	Finalized
👿 Andariel	Silent Chollima	🇰🇵	State-Sponsored	Andariel exploiting Apache ActiveMQ	Stub
🐻 APT29	APT29 (Mandiant), CozyBear (CS), NOBELIUM (MS), YTTRIUM (MS), UNC2452 (Mandiant), Midnight Blizzard (MS)	🇷🇺/SVR	State-Sponsored	APT29 targeting Microsoft 365 APT29 TeamCity campaign Solarigate: Solarwinds supply chain attack Microsoft email exfiltration by Nobelium	Stub
⚖️ APT31	APT31 (Mandiant), Violet Typhoon (MS)	🇨🇳	State-Sponsored	APT31 Rekoobe campaign	Stub
🐈‍⬛ BlackCat		💰Cybercrime	RansomOps	BlackCat Azure Storage Account RansomOp	Finalized
🧸 C3RB3R operator	Cerber	Unknown	RansomOpsCryptojacking	Confluence targeting by C3RB3R	Stub
ChinaZ		💰Cybercrime	Botnet Operator	ChinaZ campaigns	Stub
🪙 CoinStomp operator		💰Cybercrime	Cryptojacking	CoinStomp campaign	Stub
😼 Commando Cat		💰Cybercrime	Cryptojacking	Commando Cat campaign	Stub
🍬 Cyber Toufan		Unknown	Hacktivist	Cyber Toufan Linux destruction	Stub
🕶️ DarkBit		🇮🇷/MOIS	State-SponsoredRansomOps	MuddyWater cloud destruction operation	Stub
☢️ DarkRadiation operator		💰Cybercrime	RansomOps	DarkRadiation campaign	Stub
⛵ Doki operator		💰Cybercrime	Botnet OperatorCryptojacking	Doki cryptojacking campaign	Stub
🚌 Dreambus operator		💰Cybercrime	Botnet OperatorCryptojacking	Dreambus campaign (2023) Dreambus campaign (2021)	Featured
🌍 Earth Krahang		🇹🇷			Stub
🐸 FritzFrog operator		💰Cybercrime	Botnet Operator		Stub
🎲 GambleForce		Unknown	Data Exfil.	GambleForce SQL injection campaign	Stub
🚦 GoBruteforcer operator		💰Cybercrime	Botnet Operator	GoBruteforcer campaign	Stub
💢 GoTitan operator		💰Cybercrime	Botnet Operator	GoTitan ActiveMQ campaign	Stub
🦀 HeadCrab operator		💰Cybercrime	Botnet OperatorCryptojacking	HeadCrab campaign	Stub
👑 Kinsing operator		💰Cybercrime	Cryptojacking	Kinsing campaign (2020)	Stub
👻 Krasue operator		💰Cybercrime		Krasue Thailand campaign	Stub
🐀 Labrat operator		💰Cybercrime	Cryptojacking	Labrat GitLab campaign	Stub
🫗 LAPSUS$	Strawberry Tempest (MS), DEV-0537 (MS)	💰Cybercrime	Extortionist	LAPSUS$ campaigns	Featured
🍋 LemonDuck		💰Cybercrime	Botnet Operator	LemonDuck Docker campaign	Stub
😈 Lucifer operator		💰Cybercrime		Lucifer Botnet targeting Hadoop	Stub
👺 Magnet Goblin		💰Cybercrime		Magnet Goblin campaign (2024)	Stub
😿 Meow		💰Cybercrime	Hacktivist	Meow Jupyter Notebook campaign Meow database server campaign	Stub
🏁 Migo operator		💰Cybercrime	Cryptojacking	Migo cryptominer targeting Redis	Stub
📝 Mimo operator		💰Cybercrime	Botnet OperatorCryptojacking	Mimo cryptomining campaign	Stub
💧 MuddyWater	MuddyWater (CHKP), Mango Sandstorm (MS), Mercury (MS)	🇮🇷/MOIS	State-Sponsored	MuddyWater cloud destruction operation	Finalized
🥢 Muhstik		💰Cybercrime	Botnet Operator	Muhstick Redis campaign	Stub
📄 Nickolas Sharp		🥷Insider threat		Ubiquiti incident	Stub
🦠 P2PInfect		💰Cybercrime	Botnet Operator	P2PInfect campaign	Finalized
📄 Paige Thompson	erratic	💰Cybercrime		Capital One incident (March 2019)	Stub
🍑 Peach Sandstorm	APT33 (Mandiant), HOLMIUM (MS), Refined Kitten (CS), Elfin, Magic Hound	🇮🇷/IRGC	State-Sponsored	Peach Sandstorm Azure targeting	Finalized
🕷️ Prophet Spider	Gold Melody (SecureWorks)	💰Cybercrime	RansomOps	Prophet Spider campaign	Stub
🧵 PyLoose operator		💰Cybercrime	Cryptojacking	PyLoose campaign	Stub
🍎 Redigo operator		💰Cybercrime	Botnet Operator	Redigo campaign	Stub
🪨 Rocke		💰Cybercrime	Cryptojacking		Stub
🎏 RUBYCARP		🇷🇴	Botnet OperatorCryptojacking	RUBYCARP: Botnet Exploiting Vulnerabilities for Crypto	Finalized
🐛 Sandworm		🇷🇺/GRU	State-Sponsored	Exim exploitation by Sandworm	Stub
🐍 ScarletEel		💰Cybercrime	Data Exfil.Cryptojacking	ScarletEel campaign (July ‘23) ScarletEel campaign (Feb ‘23)	Finalized
🐢 SeaTurtle	Cosmic Wolf (Talos), Teal Kurma, Silicon, UNC1326	🇹🇷	State-Sponsored	Cosmic Wolf cloud activity	Stub
🌒 ShadowSyndicate	ShadowSyndicate (Group-IB), Infra Storm (Group-IB)	💰Cybercrime	RansomOpsExtortionist	ShadowSyndicate aiohttp exploitation	Finalized
🔇 SilentBob	SilentBob (Permiso)	💰Cybercrime	Cryptojacking	SilentBob cryptomining campaign	Stub
⛏️ Siloscape operator		Unknown		Siloscape campaign	Stub
🗺️ SkidMap operator		💰Cybercrime	Cryptojacking	SkidMap targeting Redis	Stub
💿 SmoothOperator	Labyrinth Chollima (CS), UNC4736 (Mandiant)	🇰🇵	State-Sponsored	3CX and Trading Technologies supply chain attack	Stub
🌩️ Storm-0558	Storm-0558 (MS)	🇨🇳	State-Sponsored	Microsoft signing key compromise Operation Aurora Storm-0558 phishing campaigns Affirmed Networks breach	Stub
🌩️ Storm-1283	Storm-1283 (MS)	Unknown		OAuth applications to deploy VMs for cryptomining	Stub
TargetCompany	Mallox	💰Cybercrime	RansomOps	TargetCompany Abusing MSSQL Servers for Ransomware	Finalized
💣 TeamTNT	Adept Libra (PA)	💰Cybercrime	Cryptojacking	TeamTNT campaigns SilentBob cryptomining campaign	Featured
💰 TraderTraitor	UNC4899, Jade Sleet	🇰🇵		JumpCloud supply chain attack CircleCI incident	Stub
📐 Trigona operator		💰Cybercrime	RansomOps	Trigona targeting MSSQL servers Mimic used by Trigona operators	Finalized
💡 UNC2903	UNC2903 (Mandiant)	💰Cybercrime		UNC2903 campaigns	Stub
💡 UNC2970	UNC2970 (Mandiant)	🇰🇵	State-Sponsored	Stealing the LIGHTSHOW	Stub
💡 UNC3886	UNC3886 (Mandiant)	🇨🇳	State-Sponsored	UNC3886 campaigns	Stub
💡 UNC4841	UNC4841 (Mandiant)	🇨🇳		UNC4841 Barracuda ESG Campaign	Stub
💡 UNC5174	Uteus	🇨🇳	State-SponsoredHacktivist	UNC5174 ScreenConnect and F5 BIG-IP exploitation	Finalized
💡 UNC5221		🇨🇳		Ivanti Connect Secure targeting campaign MITRE breach via Ivanti Connect Secure	Stub
🐶 WatchDog		💰Cybercrime	Cryptojacking	“Kiss-A-Dog” campaign WatchDog East-Asian CSP campaign	Stub
👱‍♀️ Xanthe operator		💰Cybercrime	Cryptojacking		Stub
0️⃣ z0miner		💰Cybercrime	Cryptojacking	z0Miner targeting WebLogic servers	Stub