RANSOMWARE OPERATION💰 FINANCIAL
ms13-089
3
victims
1
aliases
Intelligence Profile
ms13-089 — tracked by MISP Galaxy (ransomware).
Threat Analysis
ms13-089 is a ransomware operation that deploys encryption-based extortion against organizations globally. This group maintains a data leak site (DLS) to pressure victims into paying ransom demands.
Financially motivated threat actors like ms13-089 prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
Ransomware Victims (3)
CTIWATCH tracks 3 organizations claimed as victims by ms13-089 on its data leak site, with attack dates, sectors and countries.
View full victims list →External References
Quick Facts
TypeRansomware Operation
Motivation💰 financial
Aliases1
Also Known As
ms13-089
DLS Infrastructure
● ONLINEmsleakjir7pxbe6onlqe5uwgvdmy6nq4mnwfy7ojswbhnleenm77vgad.onion
● ONLINEchatmsuppxeoma533636ga3g5k56wlyl3zvycya35nhgoktrtg7wgzyd.onion
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.