Active ransomware operator
← All groupsHunters International
aka Hunters · 695 victims indexed · first seen 3 years ago · last activity 4 months ago
At a glance
- Status
- active
- Aliases
- Hunters
- First seen
- 3 years ago
- Last activity
- 4 months ago
- Onion sites
- 7 known endpoints
- Primary sector
- Business Services · 123 hits
About
References
4 linksExternal sources curated by the MISP threat-intel community.
Timeline
24 monthsTop countries
Top sectors
MITRE ATT&CK
13 techniques · 10 tacticsTactics
Techniques
- T1190Exploit Public-Facing Application
- T1566Phishing
- T1059Command and Scripting Interpreter
- T1543Create or Modify System Process
- T1055Process Injection
- T1562Impair Defenses
- T1003OS Credential Dumping
- T1021Remote Services
- T1005Data from Local System
- T1039Data from Network Shared Drive
- T1041Exfiltration Over C2 Channel
- T1567Exfiltration Over Web Service
- T1486Data Encrypted for Impact
Recent victims
Loading…
Onion infrastructure
7 known- http://hunters33mmcwww7ek7q5ndahul6nmzmrsumfs6aenicbqon6mxfiqyd.onion
- http://hunters55atbdusuladzv7vzv6a423bkh6ksl2uftwrxyuarbzlfh7yd.onion
- https://hunters33mmcwww7ek7q5ndahul6nmzmrsumfs6aenicbqon6mxfiqyd.onion/login
- https://hunters55atbdusuladzv7vzv6a423bkh6ksl2uftwrxyuarbzlfh7yd.onion/api/public/companies
- https://hunters55rdxciehoqzwv7vgyv6nt37tbwax2reroyzxhou7my5ejyid.onion/api/public/companies
- http://hunters55rdxciehoqzwv7vgyv6nt37tbwax2reroyzxhou7my5ejyid.onion
- http://huntersinternational.net
Source
Updated 4 months agoData on this page is sourced from the group's own leak posts, cross-checked with public ransomware trackers (RansomLook, ransomware.live, RansomWatch), MITRE ATT&CK, and our own Tor and Telegram crawlers. This is a public observatory page — share freely.
Get alerted the next time Hunters International posts a victim.
Add Hunters International to your watchlist — Pro pings you within 5 minutes of any new Hunters International leak-site post, Telegram callout, or affiliate-rebrand inference.

