Thrip (Threat Actor)

SYMBOL	COMMON_NAME	aka. SYNONYMS

Thrip (Back to overview)

aka: ATK78, G0076

This threat actor targets organizations in the satellite communications, telecommunications, geospatial-imaging, and defense sectors in the United States and Southeast Asia for espionage purposes.

Associated Families

win.catchamas win.rikamanu win.spedear win.wmighost

References

2022-05-31 ⋅ Thales ⋅ Thales
Cyber Threat Handbook 2002
GOBLIN PANDA Thrip

2020-03-04 ⋅ CrowdStrike ⋅ CrowdStrike
2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER

2019-01-01 ⋅ Council on Foreign Relations ⋅ Cyber Operations Tracker
Thrip
Thrip

2019-01-01 ⋅ MITRE ⋅ MITRE ATT&CK
Group description: Thrip
Thrip

2018-06-19 ⋅ Symantec ⋅ Security Response Attack Investigation Team
Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies
Catchamas Rikamanu Spedear WMI Ghost Thrip

2017-07-17 ⋅ Secrary Blog ⋅ Lasha Khasaia
WMIGhost / Wimmie - WMI malware
WMI Ghost

Credits: MISP Project