Threat intelligence overview
Tracking
A defensive threat intelligence overview for actor tracking, campaign context, ATT&CK mappings, malware notes, IOCs, and SOC analyst guidance.
Local mock profiles
Highest analyst priority
Recent activity notes
Safe sample indicators
Latest campaign notes from local mock data
Mock campaign note covering unusual help desk changes, MFA reset events, and first-seen device access.
Mock campaign note focused on unusual cloud access patterns and permission changes in research environments.
Mock activity cluster involving credential harvesting signals, mailbox access anomalies, and document repository enumeration.
Mock campaign note focusing on exposed file transfer services and unusual outbound data movement.
Current local dataset by actor category
Dominant category: APT
Browse mapped techniques by tactic and actor
Priority actors
North Korea
Lazarus Group is a state-linked intrusion set known for financially motivated operations, espionage, and cryptocurrency-focused activity. This profile is written for defensive analysis and portfolio demonstration.
Unknown / cybercrime ecosystem
LockBit is represented as a ransomware ecosystem focused on financial extortion, affiliate-driven intrusions, data theft pressure, and file encryption impact.
Russia
APT28 / Fancy Bear is modeled as an espionage-focused actor associated with political, defense, media, and government targeting. Content is kept defensive and educational.