Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo CROWE.COM

Group: clop

Discovered by ransomware.live: 2023-07-07

Estimated attack date: 2023-07-07

Description:

Accounting, Consulting & Technology - Crowe LLP

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 2

Compromised Users: 31

Third Party Employee Credentials: 4

External Attack Surface: 14


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse godaddy.com
MX Records
  • crowe-com.mail.protection.outlook.com.
TXT Records
  • hb3yrn5krx7l23xt77j1z43xgk4125l6
  • apple-domain-verification=f9gtlBo35R8zH87e
  • 9ca9ed1b86ca4cd1aea42d5ccf4531d0
  • v=spf1 ip4:159.246.0.0/16 ip4:64.94.115.65/32 ip4:216.188.132.110/31 ip4:72.32.26.33 ip4:18.192.64.90 ip4:149.72.184.155 ip4:149.72.219.210 ip4:52.191.141.216 ip4:51.141.163.73 include:spf.protection.outlook.com -all
  • docker-verification=eaa78ba5-aada-495b-a52e-4078dcd2fd06
  • wfn2y4vy55lnnkwvqwvtvm0pptcl1h46
  • openai-domain-verification=dv-6UXb18pfgx8fLf3UGihtUFpz
  • cursor-domain-verification-r27x0w=vOtUydbsQUa6lx3c1lRIxdZZZ
  • smartsheet-site-validation=oa2W1JmCoPBY004Csp3ylZEUTtibMzCs
  • docusign=94e55021-57c9-4b8c-999e-421f64af9205
  • onetrust-domain-verification=79959b90441e464192e68a534e052d4a
  • 0sn030jv42qj0t1cttwpgxg0q82cqv0t
  • MS=ms39394582
  • no#3de86292-dd58-4f83-97b2-2066055013d1
  • docusign=8538bbf4-f4f9-4477-81b7-3ef6c925ce69
  • google-site-verification=yVwENKfkmKXPD9goiA1UPTDxSGcztUgJU2IkvwWtsk4
  • citrix.mobile.ads.otp=rk9jhm2n3a0bdaxspf6zpd
  • 1password-site-verification=PJUICO3GBZFMHCJUUIZA5AD2ZU
  • W73sw/MTK678XHdpRt2C+yJ0P68SeqEGbgMKEs+8ztGiTVD0XwtBVptrWYymBjbZVr0JDgP24By9nSOweofqug==
  • _8cjci9or2y7sy8f7pf1ngnp2zchl4ov
  • ibmid=dbce65fc-8e82-41ac-93c0-f92c5d62868c
  • smartsheet-site-validation=-4XRIOc_gJtgooVlZQXe4eGoCZme3Yu0
  • fireflies-verification=01K0W6KEQ1GFCXG6QEY5YQ6Y0Y.ffverify.fireflies.ai-request-verification=2025-07-23T17:51:50Z
Cloud / SaaS Services Detected
Apple Microsoft 365 OneTrust DocuSign

Leak Screenshot:

Leak Screenshot