Ms13089 / Ms13-089
| Active
MS13089 is a newly emerged ransomware group (first observed December 2025) that named itself after a 2013 Microsoft Security Bulletin, claiming a handful of victims including a law firm, operating primarily as a double-extortion actor.
Victims
4
First Discovered
2025-12-18
victim
Last Discovered
2026-05-05
victim
Inactive Since
8
days
Avg Delay
N/A
attack→claim
Infostealer
0.0%
victims with domain
Countries
4
hit
Attack Velocity — Last 12 months
1 victim this month
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
MS13-089 Blog | Yes | 2026-05-13T22:18:06 | nginx 1.24.0 |
msleakjir7pxbe6onlqe5uwgvdmy6nq4mnwfy7ojswbhnleenm77vgad.onion
|
Target
Top 5 Activity Sectors
- Business Services 2
- Consumer Services 1
- Healthcare 1
Top 5 Countries
-
United States
1
-
Luxembourg
1
-
Italy
1
-
Germany
1
Heatmap
YARA Rules (1)
Indicators of Compromise (IoCs) (1)
Email
1
| Type | IOC |
|---|---|
Email
|
ms13@onionmail.org
|
Victims (4)
At Brittany Residential, Inc., we believe in creating a world where individuals with developmental d…
SJL is a high-end independent business law firm renowned for its savoir faire and reliability. The f…
Aree di specializzazione: contabilità, bilanci, dichiarazioni fiscali, incarichi di sindaco e reviso…
