It has become a standard naming convention for APTs that you cannot identify but because of the complexity or range of the attack you believe it is an APT.
So if you are writing up a report on an APT level attack and you cannot currently who it is, the people will use the TEMP. to indicate that. If they later discover the APT is know some places will go in and edit the report and change the name others will indicate near the top that the TEMP.* is know as some other name.
Then in those cases where it is a brand near APT they will drop TEMP. and name them with the rest. For example TEMP.reaper was discovered to be an APT which worked under a known APT but has now started working on their own, so places are calling them Reaper now.
Then in other cases you will have various companies use thier own name; which is why some APTs have a long list of names.
Thank you for you reply.
And is there an authority of naming? something like CVE.