Evidence timeline
A chronological view of the actor's observed activity, where every entry links back to the source it came from — news, vendor reporting, disclosure feeds.
Platform · Actor Tracking
A living dossier on every adversary that matters to you.
Choose the threat actors worth watching, and ThreatSpire maintains an evidence-backed profile for each one — continuously updated, mapped to MITRE ATT&CK, and ready for your analysts to act on. No more profiles that go stale the day after you write them.
threatspire / actors / SILVERSCALE-117
Tracked actor
SILVERSCALE-117
aliases: QuietHerald · TG-4421 · DRIFTLOOM
HIGH CONFIDENCE updated 14m ago
MITRE ATT&CK — observed techniques
9 / 15 mappedInitial Access
T1566
T1190
T1133
Execution
T1059
T1204
T1053
Persistence
T1547
T1136
T1098
C2
T1071
T1573
T1090
Exfiltration
T1041
T1567
T1029
Evidence timeline
2d ago
vendor-x reportingPhishing wave against Nordic logistics observed — lure docs use new macro loader.
6d ago
internal telemetryBeaconing to fastflux .top domain cluster; TLS JA3 matches prior campaign.
11d ago
disclosure feedDisclosure: stolen credentials posted on darkforum thread tied to actor alias.
The problem
Adversary profiles decay the moment you finish them.
Most teams track threat actors in a wiki page or a slide deck. It's accurate the day it's written and outdated a week later. Reporting scatters across feeds and inboxes, claims go unsourced, and the curation work quietly eats your analysts' time — time that should go to decisions, not maintenance.
Pain
Profiles that go stale
A wiki entry written on Monday is wrong by Friday — and nobody updates it.
Cost
Analyst time spent curating
Hours per week copy-pasting from feeds into documents that nobody trusts.
How it works
From watchlist to evidence-backed dossier.
- 01
Choose
Start from a catalog of 180+ known adversary groups, seeded from MITRE ATT&CK. Promote the ones relevant to your sector and environment.
- 02
Auto-build
The moment you track an actor, ThreatSpire assembles a profile: identity and aliases, known techniques, and a starting timeline.
- 03
Keep current
It continuously ingests news and vendor reporting, ties every finding to its source, and refreshes the profile so it never goes stale.
- 04
Hand off
Analysts open an evidence-backed notebook with everything in one place — ready to decide, not to curate.
Inside a profile
What's inside an actor profile.
Each profile is a single, coherent surface for an adversary — not a folder of links.
MITRE ATT&CK mapping
Behavior aligned to ATT&CK techniques natively, so you can see how an actor operates and where your coverage gaps are.
Priority questions
The intelligence questions worth answering next about this actor, each with telemetry anchors and the related IOCs already attached.
Related indicators
Domains, IPs, and hashes tied to the actor — surfaced from reporting and ready to validate and operationalize.
Grounded AI summary
A plain-language briefing of what's new and what matters, drafted from the cited sources in the profile — assistive, never hallucinated, always analyst-controlled.
Why it's different
Three ideas the rest of the market keeps getting wrong.
You track your adversaries, not a firehose.
Relevance over volume — focus on the groups actually targeting your sector. ThreatSpire stops asking analysts to drink from every feed and instead asks: who are you defending against, and what's new about them today?
Profiles that maintain themselves.
Continuous ingestion keeps every dossier current without manual upkeep. Open a profile six months from now and find it as fresh as the day you started tracking the actor.
Defensible by construction.
Every claim is source-linked, so your intelligence holds up to scrutiny — from a hunt lead to a board briefing. If it isn't sourced, it isn't in the profile.
A running start
180+ adversary groups out of the boxEvery finding source-linkedMITRE ATT&CK-nativeUpdated continuously
Day-one coverage instead of a blank page.
See ThreatSpire tracking your adversaries.
Bring your own actor list — we'll show you the profiles it builds.