Active ransomware operator
← All groupsm3rx
29 victims indexed · first seen 3 months ago · last activity 3 days ago
At a glance
- Status
- active
- First seen
- 3 months ago
- Last activity
- 3 days ago
- Onion sites
- 2 known endpoints
- Primary sector
- Consumer Services · 3 hits
About
References
1 linkExternal sources curated by the MISP threat-intel community.
Timeline
1 monthsTop countries
Top sectors
MITRE ATT&CK
1 techniques · 1 tacticsTactics
Techniques
- T1486Data Encrypted for Impact
Recent victims
Loading…
Onion infrastructure
2 known- http://4k6plf4h2cm2nco6ae3inrsxnmqgl6lllmwefydhnlcq4tuhwbj4qpad.onion
- http://pippahtohg6qgioqu3ixrsueefuw7thythmmeanyrgwn3eixcuu6jvqd.onion
Source
Updated 3 days agoData on this page is sourced from the group's own leak posts, cross-checked with public ransomware trackers (RansomLook, ransomware.live, RansomWatch), MITRE ATT&CK, and our own Tor and Telegram crawlers. This is a public observatory page — share freely.
Get alerted the next time m3rx posts a victim.
Add m3rx to your watchlist — Pro pings you within 5 minutes of any new m3rx leak-site post, Telegram callout, or affiliate-rebrand inference.

