3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
MRZ

MRZ

ID: e9ddff11fff52019e77d595b011b083f
Cybercrime Cybercriminal
Threat types: Cybercrime, Intrusion, RaaS
Unknown
Updated: 2026-04-13
Created: 2026-02-19
Progress: 66% Completeness: 55% Freshness: 90%
Operation zone:
Aliases Limited alias preview
No aliases registered.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

MRZ is referenced in open reporting as a claimed member of the FunkSec extortion/ransomware cluster; persona-specific TTPs are not independently documented, so mapping is cluster-derived and conservative.


Technique Technique name Tactics Evidence
T1486 Data Encrypted for Impact TA0040
  • 2025-01-10 — Cluster-level reporting describes FunkSec/FunkLocker ransomware use consistent with encryption for impact. · ref
T1565.001 Stored Data Manipulation TA0040
  • 2025-01-10 — INFERENCE (confidence: low): double-extortion narratives imply data manipulation/leak pressure, but specific integrity impacts are not consistently detailed for MRZ. · ref
T1190 Exploit Public-Facing Application TA0001
  • 2025-01-16 — INFERENCE (confidence: medium): advisory-style summaries align with ransomware ecosystem reliance on exploitation of exposed edge services; treat as likely initial access vector for the cluster. · ref
T1078 Valid Accounts TA0001 TA0003 TA0004 TA0005
  • 2025-02-11 — INFERENCE (confidence: medium): cluster described as selling access and operating across IAB-like behaviors, which commonly relies on valid accounts and credential reuse. · ref
T1059 Command and Scripting Interpreter TA0002
  • 2025-06-30 — INFERENCE (confidence: medium): reporting on tooling and automation for FunkSec implies scripting/command execution for staging and operations at scale. · ref
T1490 Inhibit System Recovery TA0040
  • 2025-10-02 — INFERENCE (confidence: medium): detection guidance for FunkLocker-style ransomware emphasizes recovery-inhibition behaviors; treat as expected precursor pattern. · ref
T1567.002 Exfiltration to Cloud Storage TA0010
  • 2025-01-10 — INFERENCE (confidence: low): double extortion posture implies exfiltration to external services; exact mechanism varies and is not MRZ-specific. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-04-13T15:10:31+00:00

MRZ — Alleged FunkSec-associated persona (claimed member)

Classification: TLP: WHITE - Open Source Intelligence (OSINT)

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Empty Limited preview
No content yet.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — MRZ (FunkSec-associated persona)


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-02-20T02:19:03+00:00

IOC Appendix — MRZ

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-02-20T02:19:24+00:00

OSINT Library — MRZ


2025-02-11 — ASEC (AhnLab) — “January 2025 Deep Web and Dark Web Trend Report (FunkSec section)”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/0
No social links registered for this profile.
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.