Threat Actor Database

Know Your
Enemy

Track and analyze APT groups, ransomware gangs, hacktivists and cybercrime organizations — their targets, malware, techniques and IOCs updated in real time.

500+Threat Actors
100K+IOC Indicators
10K+ATT&CK Techniques

Top Threat Actors

1,146

Lazarus Group

APT

APT 38 · APT-C-26 · APT38 · ATK117

#1
184.2MAudience
7kNews
49kIOCs

Target Countries

United Arab EmiratesAustraliaBangladeshBelgium

Target Sectors

Food ManufacturingHospitalsPublic AdministrationInternet Publishing

Associated Malware

win.nachocheeseelf.spectral_blurwin.electricfishKillDisk

Related CVEs

CVE-2025-9491CVE-2025-9074CVE-2025-8088CVE-2025-7775

ATT&CK IDs

T1003.001T1059.002 - AppleScriptT1008T1021 - Remote Services
View Details

SCATTERED SPIDER

APT

0ktapus · DEV-0971 · Muddled Libra · Octo Tempest

#2
175.7MAudience
6kNews
491IOCs

Target Countries

AustraliaBelgiumColombiaUnited Kingdom

Target Sectors

HospitalsAccommodationAir TransportationPublic Administration

Associated Malware

WarzoneRATMimikatz

Related CVEs

CVE-2025-6558CVE-2025-6554CVE-2025-61884CVE-2025-61882

ATT&CK IDs

T1003.001T1008T1021 - Remote ServicesT1136
View Details

NoName057

APT

05716nnm · Nnm05716 · NoName057(16) · NoName05716

#3
149.5MAudience
4kNews
32kIOCs

Target Countries

United Arab EmiratesArmeniaArgentinaAustria

Target Sectors

Food ManufacturingOther Information ServicesMonetary Authorities-Central BankCredit Unions

Associated Malware

ZbotexpiroSmoke LoaderWACATAC

Related CVEs

CVE-2025-64669CVE-2025-5777CVE-2025-34067CVE-2025-2857

ATT&CK IDs

T1453T1105 - Ingress Tool TransferT1095 - Non Application Layer ProtocolT1497 - Virtualization/Sandbox Evasion
View Details

TeamPcp

APT

ShellForce · Persy_PCP · CipherForce · PCPcat

#4
139.3MAudience
1kNews
475IOCs

Target Countries

BrazilGermanyFranceUnited Kingdom

Target Sectors

Public AdministrationInsuranceMotion Picture and Video ProductionData Processing, Hosting, and Related Services

Associated Malware

Related CVEs

CVE-2026-48027CVE-2026-45321CVE-2026-33634CVE-2026-1731

ATT&CK IDs

T1059.003 - Windows Command ShellT1059.004 - Unix ShellT1204.002 - Malicious FileT1552.004 - Private Keys
View Details

Top Ransomware Groups

409

Qilin

Ransomware

agenda

#1
784.6MAudience
20kNews
2kIOCs

Target Countries

United Arab EmiratesAlbaniaAngolaArgentina

Target Sectors

Construction of BuildingsFood ManufacturingOther Information ServicesSoftware Publishers

Associated Malware

Qilin

Related CVEs

CVE-2026-50752CVE-2026-50751CVE-2025-5777CVE-2025-53771

ATT&CK IDs

T1486T1490T1078T1071.001
View Details

thegentlemen

Ransomware

The Gentlemen Ransomware · the gentlemen

#2
696.1MAudience
8kNews
216IOCs

Target Countries

United Arab EmiratesArgentinaAustriaAustralia

Target Sectors

Construction of BuildingsFood ManufacturingOther Information ServicesRail Transportation

Associated Malware

Related CVEs

CVE-2025-7771CVE-2025-33073CVE-2025-32433CVE-2024-55591

ATT&CK IDs

T1190T1078T1087T1046
View Details

shinyhunters

Ransomware

UNC6040 · Scattered Lapsus$ Hunters (SLH) · ShinyCorp

#3
446.4MAudience
7kNews
665IOCs

Target Countries

AustriaAustraliaBelgiumBrazil

Target Sectors

Food ManufacturingOther Information ServicesCredit UnionsRail Transportation

Associated Malware

Related CVEs

CVE-2026-35273CVE-2025-61884CVE-2025-61882CVE-2025-55234

ATT&CK IDs

View Details

akira

Ransomware

Storm-1567 · GOLD SAHARA · PUNK SPIDER

#4
411.2MAudience
15kNews
2kIOCs

Target Countries

AndorraUnited Arab EmiratesArgentinaAustria

Target Sectors

Construction of BuildingsFood ManufacturingOther Information ServicesRail Transportation

Associated Malware

NetSupportManagerRATwin.raccoonelf.glupteba_proxywin.pony

Related CVEs

CVE-2025-9242CVE-2025-62215CVE-2025-40605CVE-2025-40604

ATT&CK IDs

T1573 - Encrypted ChannelT1018T1082 - System Information DiscoveryT1562
View Details

SOCRadar Threat Actor Database is a free repository of structured intelligence profiles covering over 500 documented cyber threat actors — nation-state APT groups, ransomware operations, hacktivist collectives and financially motivated cybercrime organizations. Each profile aggregates origin country, targeted sectors and geographies, attributed malware families, known aliases, historical campaigns, MITRE ATT&CK technique coverage and indicators of compromise. No account required.

F.A.Q.

Common questions about threat actors and APT groups