APT & Threat Actor Lists & Profiles

Companies use different names for the same threat actors (a broad term including APTs and other malicious actors). They follow different naming conventions; CrowdStrike uses animals (e.g., Wizard Spider), Microsoft uses weather types (e.g., Midnight Blizzard), Mandiant uses numbers (e.g., APT38), etc.

Photo by Bernd Dittrich on Unsplash

This can be confusing to cyber threat intel analysts, so when tracking and researching threat actors, it’s useful to have lists that give their various names (aliases).

It’s a bonus if the lists provide profiles with additional info about the actors, such as targeted nations, targeted industries, malware used, notable campaigns, and other TTPs.

Here are a few such lists. If you know of others, please let me know!

EternalLiberty

MITRE ATT&CK Groups

Malpedia Threat Actors (powered by MISP)

Threat Group Cards: A Threat Actor Encyclopedia

APTMAP

ORKL

Cyber Threat Group Profiles: Their Objectives, Aliases, and Malware Tools

APT Groups and Operations - Google Drive

AlienVault - Open Threat Exchange

Here are a few lists from InfoSec companies. They’re specific to those companies, so they don’t provide aliases, but they do provide additional info.

Advanced Persistent Threat Groups

Crowdstrike Threat Landscape: APTs & Adversary Groups

UNIT 42 PLAYBOOK VIEWER

Your first line of defense against adversaries | Dragos

Targeted cyberattacks logbook