HOMETHREATSms13-089
RANSOMWARE OPERATION💰 FINANCIAL

ms13-089

3
victims
1
aliases

Intelligence Profile

ms13-089 — tracked by MISP Galaxy (ransomware).

Threat Analysis

ms13-089 is a ransomware operation that deploys encryption-based extortion against organizations globally. This group maintains a data leak site (DLS) to pressure victims into paying ransom demands.

Financially motivated threat actors like ms13-089 prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

Ransomware Victims (3)

CTIWATCH tracks 3 organizations claimed as victims by ms13-089 on its data leak site, with attack dates, sectors and countries.

View full victims list →

External References

Quick Facts

TypeRansomware Operation
Motivation💰 financial
Aliases1

Also Known As

ms13-089

DLS Infrastructure

● ONLINEmsleakjir7pxbe6onlqe5uwgvdmy6nq4mnwfy7ojswbhnleenm77vgad.onion
● ONLINEchatmsuppxeoma533636ga3g5k56wlyl3zvycya35nhgoktrtg7wgzyd.onion

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.