Skip to main content

Operator dossier

Marketo is a ransomware operator no longer publishing new disclosures. Darkfield has indexed 32 public victims claimed by this operator between December 7, 2021 and February 14, 2022. Marketo is a relatively obscure ransomware group that emerged in December 2021 with primarily financial motivations, having compromised 32 known victims across multiple sectors. The group's origin and affiliations remain largely undocumented in public threat intelligence reporting, with no confirmed information available regarding their country of origin, connections to other cybercriminal organizations, or operational structure. Their attack methodology, encryption techniques, and specific tactics have not been extensively documented by major security firms or law enforcement agencies, though their targeting patterns indicate a focus on high-value sectors including automotive, healthcare, and government organizations. The group has demonstrated a geographic preference for victims in the United States, Italy, and the United Kingdom, suggesting either regional operational capabilities or specific interest in these markets. Due to limited public documentation from authoritative sources such as CISA, FBI, or established security researchers, detailed information about notable campaigns, ransom demands, or specific attack vectors remains unavailable in the public domain. The current operational status of Marketo is unclear based on available public intelligence reporting.

Most-targeted sectors

Most-affected countries

Recent disclosures by Marketo

All 32 indexed disclosures. Click any row for the full per-victim dossier.

See every disclosure indexed for Marketo

How we know this. Operator profiles on Darkfield are built from continuous monitoring of every leak site the group is known to operate, cross-correlated with community-curated feeds (RansomLook, ransomware.live, RansomWatch, MISP-galaxy). Status flips from active to inactive when no new disclosure appears for 60 days. MITRE ATT&CK mappings shown in the interactive section below are sourced from CISA, vendor analysis, and the MITRE community catalog — we attribute each technique back to its source. Aliases reflect operator re-brands and affiliate splits.

Inactive ransomware operator

All groups

Marketo

32 victims indexed · first seen 5 years ago · last activity 4 years ago

32
Victims indexed
#139 of 364 tracked operators
2m
Active period
Dec 2021 → Feb 2022
3
Countries hit
top United States · 4

At a glance

Status
inactive
First seen
5 years ago
Last activity
4 years ago
Onion sites
4 known endpoints
Primary sector
Automotive · 2 hits

About

Marketo is a relatively obscure ransomware group that emerged in December 2021 with primarily financial motivations, having compromised 32 known victims across multiple sectors. The group's origin and affiliations remain largely undocumented in public threat intelligence reporting, with no confirmed information available regarding their country of origin, connections to other cybercriminal organizations, or operational structure. Their attack methodology, encryption techniques, and specific tactics have not been extensively documented by major security firms or law enforcement agencies, though their targeting patterns indicate a focus on high-value sectors including automotive, healthcare, and government organizations. The group has demonstrated a geographic preference for victims in the United States, Italy, and the United Kingdom, suggesting either regional operational capabilities or specific interest in these markets. Due to limited public documentation from authoritative sources such as CISA, FBI, or established security researchers, detailed information about notable campaigns, ransom demands, or specific attack vectors remains unavailable in the public domain. The current operational status of Marketo is unclear based on available public intelligence reporting.

Timeline

2 months
2021-12-01T00:00:00+00:00 · 312022-02-01T00:00:00+00:00 · 1
2021-12-01T00:00:00+00:002022-02-01T00:00:00+00:00

Top countries

🇺🇸 United States
4
🇮🇹 Italy
1
🇬🇧 United Kingdom
1

Top sectors

Automotive
2
Healthcare
1
Government
1

MITRE ATT&CK

4 techniques · 4 tactics

Tactics

Initial AccessExecutionDefense EvasionImpact

Techniques

Recent victims

Loading…

Onion infrastructure

4 known
  • http://jvdamsif53dqjycuozlaye2s47p7xij4x6hzwzwhzrqmv36gkyzohhqd.onion
  • http://fvki3hj7uxuirxpeop6chgqoczanmebutznt2mkzy6waov6w456vjuid.onion
  • http://g5sbltooh2okkcb2.onion
  • http://marketojbwagqnwx.onion

Source

Updated 4 years ago

Data on this page is sourced from the group's own leak posts, cross-checked with public ransomware trackers (RansomLook, ransomware.live, RansomWatch), MITRE ATT&CK, and our own Tor and Telegram crawlers. This is a public observatory page — share freely.

Get alerted the next time Marketo posts a victim.

Add Marketo to your watchlist — Pro pings you within 5 minutes of any new Marketo leak-site post, Telegram callout, or affiliate-rebrand inference.