Exploit And Vulnerability Intelligence

Threat Actor Naming

Tracking threat actors across the cybersecurity industry can be a challenge, given vendors' inconsistent naming strategies.

VulnCheck Exploit & Vulnerability Intelligence tracks hundreds of named threat actors who have been reported to exploit specific vulnerabilities in the wild.

VulnCheck tracks Advanced Persistent Threat (APT), named Threat Actors, ransomware groups, botnets, and other adversaries. We track a wide variety of named threat actors, including Threat Actors from Russia & China, as well as Threat Actors who have been reported to target Industrial Control Systems & Operational Technology (ICS/OT). VulnCheck collects Threat Actor information from a wide variety of sources and then assembles this disparate information into the industry’s most easily consumable exploit intelligence offering, VulnCheck Exploit & Vulnerability Intelligence.

With VulnCheck Exploit & Vulnerability Intelligence, threat actors can easily be looked up by a wide variety of names and naming schemes.

In the Cybersecurity industry, there exist many different naming schemes for Threat Actors. Each Cybersecurity vendor tends to name Threat Actors using its own methodology, which makes correlating Threat Actor behaviors more challenging. At VulnCheck, we support researching Threat Actors using a wide variety of options.

MITRE ATT&CK Group Names

Many organizations rely on MITRE ATT&CK Group names for Threat Actors. VulnCheck Exploit & Vulnerability Intelligence includes the MITRE ATT&CK Group name, as well as the aliases, as shown below:

{
  "name": "Dragonfly",
  "aliases": [
    "Dragonfly",
    "TG-4192",
    "Crouching Yeti",
    "IRON LIBERTY",
    "Energetic Bear"
  ]
}

MISP Threat Actor Names

Many other organizations rely on MISP Threat Actor names for correlating Threat Actor behaviors. VulnCheck Exploit Intelligence includes the MISP Threat Actor names (the value field below), as well as the aliases, shown below as synonyms:

{
  "synonyms": [
    "Dragonfly",
    "Crouching Yeti",
    "Group 24",
    "Havex",
    "CrouchingYeti",
    "Koala Team",
    "IRON LIBERTY"
  ],
  "value": "Energetic Bear"
}

Cybersecurity Vendor Names

Some Cybersecurity vendors have their own naming schemes and make them straightforward to follow. In these cases, VulnCheck Exploit & Vulnerability Intelligence also includes the Threat Actor names used by the vendor. Four such naming schemes that VulnCheck Exploit & Vulnerability Intelligence supports natively are the CrowdStrike, Dragos, Mandiant, and Microsoft naming systems.

{
  "vendor_names_for_threat_actors": [
    {
      "vendor_name": "CrowdStrike",
      "threat_actor_name": "Fancy Bear"
    },
    {
      "vendor_name": "Dragos",
      "threat_actor_name": "PETROVITE",
      "url": "https://www.dragos.com/threat/petrovite/"
    },
    {
      "vendor_name": "Microsoft",
      "threat_actor_name": "Forest Blizzard",
      "url": "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming"
    },
    {
      "vendor_name": "Mandiant",
      "threat_actor_name": "APT28",
      "url": "https://www.mandiant.com/resources/insights/apt-groups"
    }
  ]
}

Regardless of what Threat Actor naming scheme your organization uses, VulnCheck Exploit & Vulnerability Intelligence makes it easy to find the Threat Actors you're looking for.
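
One way to correlate the three record shapes shown above into a single name lookup, as an added example that is not VulnCheck's code or API. The RECORDS list is constructed from the fragments on this page (grouping them in one list is an assumption), and norm, names_in, build_index and lookup are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample records; field names and values copied from the fragments above.
RECORDS = [
    {"name": "Dragonfly",  # MITRE shape
     "aliases": ["Dragonfly", "TG-4192", "Crouching Yeti", "IRON LIBERTY", "Energetic Bear"]},
    {"value": "Energetic Bear",  # MISP shape
     "synonyms": ["Dragonfly", "Crouching Yeti", "Group 24", "Havex",
                  "CrouchingYeti", "Koala Team", "IRON LIBERTY"]},
    {"vendor_names_for_threat_actors": [  # vendor shape, url fields omitted
        {"vendor_name": "CrowdStrike", "threat_actor_name": "Fancy Bear"},
        {"vendor_name": "Dragos", "threat_actor_name": "PETROVITE"},
        {"vendor_name": "Microsoft", "threat_actor_name": "Forest Blizzard"},
        {"vendor_name": "Mandiant", "threat_actor_name": "APT28"}]},
]

def norm(name):
    """Fold case and drop spaces, hyphens and underscores: 'CrouchingYeti' == 'Crouching Yeti'."""
    return re.sub(r"[\s\-_]+", "", name).casefold()

def names_in(record):
    """Every actor name in a record, whichever of the three shapes it uses."""
    names = [record[k] for k in ("name", "value") if k in record]
    names += record.get("aliases", []) + record.get("synonyms", [])
    names += [v["threat_actor_name"] for v in record.get("vendor_names_for_threat_actors", [])]
    return names

def build_index(records):
    """Union-find over normalised names: names sharing a record land in one cluster."""
    parent, display = {}, {}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    for rec in records:
        names = names_in(rec)
        keys = [norm(n) for n in names]
        for key, n in zip(keys, names):
            parent.setdefault(key, key)
            display.setdefault(key, n)  # keep the first spelling seen
        for key in keys[1:]:
            parent[find(key)] = find(keys[0])
    clusters = defaultdict(set)
    for key in parent:
        clusters[find(key)].add(display[key])
    return {key: clusters[find(key)] for key in parent}

def lookup(index, name):
    """All known names for the actor behind `name`, or an empty set if unknown."""
    return index.get(norm(name), set())
```

Because the merge is transitive, one shared alias joins two clusters, so a malware or tool name listed as a synonym (Havex above) can pull otherwise separate groups together. Review merged clusters before using them for attribution or detection tagging.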