KAX17

MISP

Type:
Unknown

Country:
Unknown

First seen:
Unknown

Details:

KAX17 is a sophisticated threat actor that has been active since at least 2017. They have operated hundreds of malicious servers within the Tor network, primarily as entry and middle points. Their main objective appears to be collecting information on Tor users and mapping their routes within the network. Despite efforts to remove their servers, KAX17 has shown resilience and continues to operate.

References (4)

malwarebytes.com - Amp
therecord.media - A Mysterious Threat Actor Is Running Hundreds Of Malicious Tor Relays
darknetlive.com - Who Is Responsible For Running Hundreds Of Malicious Tor Relays
nusenu.medium.com - Is Kax17 Performing De Anonymization Attacks Against Tor Users 42e566defce8

Metadata

ID:	506
Created:	13/01/2026 17:48
Updated:	07/03/2026 16:00