Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo CannonDesign

Group: avoslocker

Discovered by ransomware.live: 2023-02-11

Estimated attack date: 2023-02-11

Description:

Employees: 1,100 - Revenue: $279.8M - Site: www.cannondesign.com Exfiltrated: 5.7 TB Wasting our time will result in your data being leaked. Over 5 TB corporate and client files will be released CEO: "Entity": "US", "SSN - US": "367725265", "Last Name": "Lukanic", "First Name": "Bradley", "Nickname": "Brad", "Street Address": "6619 Braeburn Pkwy", "City": "Bethesda", "State/Prov": "MD", "Zip Code": "20817", "Birth Date": "02/15/1971", CFO: "Entity": "US", "SSN - US": "078564382", "Last Name": "Carlino", "First Name": "David", "Nickname": "Dave", "Street Address": "5411 Via Del Sole", "City": "Williamsville", "State/Prov": "NY", "Zip Code": "14221", "Birth Date": "07/29/1961", VP: "Entity": "US", "SSN - US": "121683252", "Last Name": "Schopp", "First Name": "Carolyn", "Nickname": "Carolyn", "Street Address": "3621 W River Road", "City": "Grand Island", "State/Prov": "NY", "Zip Code": "14072", "Birth Date": "10/09/1975",


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • cannondesign-com.mail.protection.outlook.com.
TXT Records
  • google-site-verification=beMcM79zEDG-Cf56pHk3GWuV5Ak4PWc_jT_8zbVLq1Q
  • v=spf1 include:_spf.cannondesign.com include:_spf-aws.cannondesign.com include:gh-mail.cannondesign.com include:connect.cannondesign.com include:spf.protection.outlook.com include:aspmx.pardot.com -all
  • docusign=7d20ee93-91a8-42de-89f0-d1d7703ae46b
  • MS=ms12691510
  • rhino_accounts=32a45f3f01f3bc65061aae4bdb9ddf9a
  • miro-verification=3d70b8b1d038851430366c9feb52157c986c86b0
  • smartsheet-site-validation=ZEQoHc7gpMFRpDtySFbZVVNXWobmxu5M
  • google-gws-recovery-domain-verification=43374884
  • atlassian-domain-verification=vxqLB9XwmxrstVy39b8HgXF7x5UhyZ/aEO4DMszwfJMwgw91F0AaeKT5QcRzVRuE
  • 42ytp694vtpr4rxphkqf95bc2btfbpq4
  • logmein-verification-code=0f6f6365-a3c2-45ec-beea-feee1c869db1
  • 1f1722f7-c7fb-4b1e-ac3f-cfcaa6a50ed5
  • v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCFk6JnpoSwzurDnk/6YjunZ8f0FdlX+GPQhMOLNG5Ea2d2gvb+3Nop9iJ/XBYNPcjgbo+Ha775WjG4t7+Mn1U6Z6/9DjmK/poETba/LJ9gbXY7DETaRIM9P4hBj7+OsUy+TTa1Kvoa26DpRWt6m6TwBX4wSaBqgM/LE472tM4p2wIDAQAB
  • ZOOM_verify_mv-LcMaQSKayc46jYtct_A
  • c/sA3ULTVJ6qKk+AUpiuWliezE0iSnFG37D4fxwAgEGIWp6qul4iYxs5r3eCaC4qYMaKYFy0gAvSnFUx3KBzwg==
  • MS=A2DE1C5E8488F6B0D021F8002C47D770F52052C9
  • have-i-been-pwned-verification=630ab7332d63ebf79dfde6f32a605a6d
  • parallels-domain-verification=a6065020a04145bcaa4bda1c98de219026636f8751a14dcc97ddaccbffeea9d8
  • docusign=bf04706d-c3f2-409c-9160-1e2f1936b229
  • rm_verify=6e5e70bfd3
Cloud / SaaS Services Detected
Atlassian Microsoft 365 Miro Parallels LogMeIn DocuSign Have I Been Pwned Zoom