Intrusion sets
APT groups and intrusion sets — goals, aliases, sectors, and related campaigns.
-
Confidence 100 5 MITREs 2 Malwares 2 Tools
[Cleaver](https://attack.mitre.org/groups/G0003) is a threat group that has been attributed to Iranian actors and is responsible for activity tracked as Operation Cleaver. (Citation: Cylance Cleaver) Strong circumstantial evidence suggests…
-
Confidence 100
Operation [Sharpshooter](https://attack.mitre.org/groups/G0104) is the name of a cyber espionage campaign discovered in October 2018 targeting nuclear, defense, energy, and financial companies. Though overlaps between this adversary and [Lazarus…
-
Confidence 100 22 MITREs 4 Malwares 60 IOCs 1 Tool
[Evilnum](https://attack.mitre.org/groups/G0120) is a financially motivated threat group that has been active since at least 2018.(Citation: ESET EvilNum July 2020)
-
GOLD SOUTHFIELD Pinchy SpiderConfidence 100 20 MITREs 1 Malware 3 IOCs 1 Tool
[GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) is a financially motivated threat group active since at least 2018 that operates the [REvil](https://attack.mitre.org/software/S0496) Ransomware-as-a Service (RaaS). [GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) provides backend infrastructure for affiliates recruited…
-
Confidence 100 1 CVE 57 MITREs 9 Malwares 102 IOCs 7 Tools
[Thrip](https://attack.mitre.org/groups/G0076) is an espionage group that has targeted satellite communications, telecoms, and defense contractor companies in the U.S. and Southeast Asia. The group uses custom malware as well…
-
Volatile Cedar Lebanese CedarConfidence 100 5 MITREs 2 Malwares
[Volatile Cedar](https://attack.mitre.org/groups/G0123) is a Lebanese threat group that has targeted individuals, companies, and institutions worldwide. [Volatile Cedar](https://attack.mitre.org/groups/G0123) has been operating since 2012 and is motivated by political and…
-
Confidence 100 43 MITREs 8 Malwares 9 IOCs 9 Tools
[APT33](https://attack.mitre.org/groups/G0064) is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States,…
-
Confidence 100 3 CVEs 37 MITREs 6 Malwares 27 IOCs
Winter Vivern is a group linked to Russian and Belorussian interests active since at least 2020 targeting various European government and NGO entities, along with sporadic targeting of…
-
Confidence 100 1 CVE 68 MITREs 15 Malwares 107 IOCs
[SideCopy](https://attack.mitre.org/groups/G1008) is a Pakistani threat group that has primarily targeted South Asian countries, including Indian and Afghani government personnel, since at least 2019. [SideCopy](https://attack.mitre.org/groups/G1008)'s name comes from its…
-
Confidence 100 12 MITREs 2 Malwares 4 Tools
[FIN5](https://attack.mitre.org/groups/G0053) is a financially motivated threat group that has targeted personally identifiable information and payment card information. The group has been active since at least 2008 and has…
-
Confidence 100 11 MITREs 1 Malware
[Machete](https://attack.mitre.org/groups/G0095) is a suspected Spanish-speaking cyber espionage group that has been active since at least 2010. It has primarily focused its operations within Latin America, with a particular…
-
Confidence 100 6 MITREs 1 Malware 1 Tool
[Mofang](https://attack.mitre.org/groups/G0103) is a likely China-based cyber espionage group, named for its frequent practice of imitating a victim's infrastructure. This adversary has been observed since at least May 2012…