Threat Actor Profile
Low
Cybercriminal
Confidence Score
Known Aliases
ms13-089
Tags
ransomware
ransomware.live
ms13-089
First Seen
Unknown
Last Updated
Unknown
Active Status
ActiveCreated
April 29, 2026
Indicators of Compromise
Loading IOCs…
IOC KQL for Sentinel
STIX Data
{'added_date': '2025-12-18',
'client': '2003264@sit.singaporetech.edu.sg',
'description': None,
'firstseen': '2025-12-18T09:54:31.709751+00:00',
'group': 'ms13089',
'has_negotiations': False,
'has_ransomnote': False,
'lastseen': '2026-01-15T23:16:37.969954+00:00',
'locations': [{'available': True,
'fqdn': 'msleakjir7pxbe6onlqe5uwgvdmy6nq4mnwfy7ojswbhnleenm77vgad.onion',
'slug': 'http://msleakjir7pxbe6onlqe5uwgvdmy6nq4mnwfy7ojswbhnleenm77vgad.onion',
'title': 'MS13-089 Blog',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 0,
'tiaras_metadata': {'has_negotiations': False,
'has_ransomnote': False,
'locations': [{'available': True,
'fqdn': 'msleakjir7pxbe6onlqe5uwgvdmy6nq4mnwfy7ojswbhnleenm77vgad.onion',
'slug': 'http://msleakjir7pxbe6onlqe5uwgvdmy6nq4mnwfy7ojswbhnleenm77vgad.onion',
'title': 'MS13-089 Blog',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 0,
'ransomware_live_group': 'ms13089',
'tools': {},
'url': 'https://www.ransomware.live/group/ms13089',
'victims': 3,
'vulnerabilities': []},
'tiaras_source': 'ransomware.live',
'tools': {},
'ttps': [],
'url': 'https://www.ransomware.live/group/ms13089',
'victims': 3,
'vulnerabilities': []}