3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
HackPurgatory

HackPurgatory

ID: 43335327478c06d3680d12e05cfefd3c29474
Hacktivist Group Hacktivism
Threat types: Hacktivism, Intrusion, Data Leak
Mexico MEX
Updated: 2026-03-30
Created: 2026-03-27
Progress: 95% Completeness: 97% Freshness: 90%
Operation zone: Mexico
Aliases Limited alias preview
HACK [PURGATORY] 𝐇𝐀𝐂𝐊 [𝐏𝐔𝐑𝐆𝐀𝐓𝐎𝐑𝐘]™
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: low
Actor Techniques page ATT&CK® Diagram

Hackpurgatory is assessed as a Spanish-speaking cybercrime-adjacent brand or community node that combines public-facing cybersecurity messaging with exposed search/lookup style resources and ecosystem-level channel activity. Current evidence better supports an enabling, aggregation, or amplification role than a mature stand-alone intrusion profile.


Technique Technique name Tactics Evidence
T1589 Gather Victim Identity Information TA0043
  • 2025-12-01 — Public query / lookup functionality implies collection or retrieval of victim identity-related information. INFERENCE (confidence: medium): exposed lookup services could support identity-focused data gathering or validation workflows. · ref
T1596 Search Open Technical Databases TA0043
  • 2025-12-01 — The actor publicly promotes endpoints and searchable resources consistent with open technical or exposure-oriented database use. · ref
T1593 Search Open Websites/Domains TA0043
  • 2025-12-01 — Official site and tools branding align with open-source search and resource discovery posture rather than malware-led intrusion activity. · ref
T1585 Establish Accounts TA0042
  • 2025-12-01 — Public Telegram-facing branding and persistent external channels suggest deliberate establishment and maintenance of accounts for community growth and coordination. · ref
T1565.001 Stored Data Manipulation TA0040
  • 2026-03-19 — INFERENCE (confidence: low): if the reported doxing / leak association with Chronus Team is accurate, stored data may have been curated or packaged for exposure rather than simply discovered. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-03-30T19:38:45+00:00

Hackpurgatory — Possible Spanish-speaking cybercrime-adjacent collective / tooling community

Classification: TLP:WHITE - Open Source Intelligence (OSINT)

Category: Cybercrime-adjacent actor / possible pseudo-hacktivist community / tooling and leak-adjacent ecosystem - Origin: likely Spanish-speaking LATAM ecosystem (low confidence)

Author: iQBlack CTI Team


Executive Summary

Hackpurgatory is assessed as a possible Spanish-speaking cybercrime-adjacent collective or community brand operating through a public website, Telegram presence, and open promotion of searchable “OSINT” or “breach lookup” style resources. Publicly accessible material does not support high-confidence classification as a mature intrusion group in the same sense as a ransomware program or a long-documented hacktivist collective. Rather, the current picture is that of a hybrid ecosystem node: part community branding layer, part tooling hub, and part amplification or networking surface.


Open-source material shows Hackpurgatory maintaining a public-facing site that frames itself as an ethical cybersecurity community while also exposing breach-search, endpoint, and lookup functionality. That tension matters analytically: the gap between public self-presentation and the operational implications of the exposed services suggests either reputational laundering, dual-use positioning, or a community that mixes legitimate curiosity with clearly risky or potentially abusive capabilities.

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — Hackpurgatory

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Hackpurgatory


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-03-30T19:44:31+00:00

IOC Appendix — Hackpurgatory

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-03-30T19:44:43+00:00

OSINT Library — Hackpurgatory


2026-03-19 — iVoox / La jaula del n00b — “Unión en el cibercrimen - seguimiento a grupos actuales y su evolución”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/13
Address Verification SOCMINT
t.me/Hac********** Restricted Not integrated
t.me/+oV************** Restricted Not integrated
t.me/+sp************** Restricted Not integrated
Address Verification SOCMINT
discord.gg/xhK******* Restricted Not integrated
Ses*************************************************************************** Restricted Not integrated
hackpurgatory.es/dat************* Restricted Not integrated
youtube.com/@ri******** Restricted Not integrated
instagram.com/rip********* Restricted Not integrated
tiktok.com/@ri******** Restricted Not integrated
Address Verification SOCMINT
breach.hackpurgatory.org Restricted Not integrated
hackpurgatory.org Restricted Not integrated
hackpurgatory.es Restricted Not integrated
Address Verification SOCMINT
github.com/RIP******** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–3 of 3 images
Propaganda Free Preview
Propaganda
Banner Free Preview
Banner
Logo Free Preview
Logo