Track and analyze APT groups, ransomware gangs, hacktivists and cybercrime organizations — their targets, malware, techniques and IOCs updated in real time.
Turla · ATK13 · Blue Python · G0010
Target Countries
AfghanistanArmeniaAustriaAustraliaTarget Sectors
Energy & Utilities RetailEducational ServicesPublic AdministrationAssociated Malware
win.nautiluswin.tiny_turlaHyperStackasp.twofaceRelated CVEs
CVE-2025-6543CVE-2025-5777CVE-2025-52579CVE-2025-31199ATT&CK IDs
T1082T1572 - Protocol TunnelingT1047 - Windows Management InstrumentationT1132.001 - Standard EncodingTarget Countries
—Target Sectors
HealthCare & Social AssistanceInternet PublishingPerforming Arts CompaniesComputer Systems Design and Related ServicesAssociated Malware
—Related CVEs
CVE-2018-0802ATT&CK IDs
T1562.003 - Impair Command History LoggingT1568.002 - Domain Generation AlgorithmsT1060 - Registry Run Keys / Startup FolderT1055 - Process InjectionCOBALT SPIDER · Cobalt Gang · Cobalt Group · G0080
Target Countries
ArmeniaArgentinaAustriaAzerbaijanTarget Sectors
RetailFinanceElectrical&Electronical ManufacturingHospitalsAssociated Malware
NimzaLoaderUrsnifVenomRATMimikatzRelated CVEs
CVE-2025-19872CVE-2024-13161CVE-2024-13160CVE-2022-30190ATT&CK IDs
T1082T1572 - Protocol TunnelingT1537 - Transfer Data to Cloud AccountT1047 - Windows Management InstrumentationTarget Countries
United Arab EmiratesAustraliaBangladeshBulgariaTarget Sectors
Real EstateHospitalsAir TransportationConstructionAssociated Malware
—Related CVEs
CVE-2022-23943CVE-2021-44790CVE-2021-23017CVE-2019-12521ATT&CK IDs
T1195 - Supply Chain CompromiseT1140 - Deobfuscate/Decode Files or InformationT1199 - Trusted RelationshipT1003 - OS Credential DumpingUnderground · TeamUnderground
Target Countries
United Arab EmiratesAustraliaBrazilCanadaTarget Sectors
Construction of BuildingsOther Information ServicesHospitalsManufacturingAssociated Malware
—Related CVEs
CVE-2023-36884ATT&CK IDs
T1021.002T1059.003T1018T1105Chaos · Dark · Void
Target Countries
AustraliaCanadaGermanyUnited KingdomTarget Sectors
Construction of BuildingsSoftware PublishersEnterprises & HoldingAir TransportationAssociated Malware
—Related CVEs
—ATT&CK IDs
—El-Dorado · Global · BlackLock · Eldorado
Target Countries
United Arab EmiratesArgentinaAustraliaArubaTarget Sectors
Construction of BuildingsOther Information ServicesSoftware PublishersReal EstateAssociated Malware
—Related CVEs
CVE-2021-21974ATT&CK IDs
—SFile2 · SFile · Escal
Target Countries
ArgentinaCanadaFranceItalyTarget Sectors
Construction of BuildingsFood ManufacturingMonetary Authorities-Central BankCredit UnionsAssociated Malware
—Related CVEs
—ATT&CK IDs
T1566T1490T1176T1090SOCRadar Threat Actor Database is a free repository of structured intelligence profiles covering over 500 documented cyber threat actors — nation-state APT groups, ransomware operations, hacktivist collectives and financially motivated cybercrime organizations. Each profile aggregates origin country, targeted sectors and geographies, attributed malware families, known aliases, historical campaigns, MITRE ATT&CK technique coverage and indicators of compromise. No account required.
Common questions about threat actors and APT groups
We use cookies to improve your experience, analyze traffic, and personalize content. We won't set non-essential cookies until you agree. Privacy Policy
Afghanistan
Armenia
Austria
Australia
Argentina
Azerbaijan
United Arab Emirates
Bangladesh
Bulgaria
Brazil
Canada
Germany
United Kingdom
France
Italy