CannonDesign

Group: dunghill

Discovered by ransomware.live: 2023-09-26

Estimated attack date: 2023-09-26

Description:

CannonDesign is a global architecture, engineering and consulting practice that provides services for a range of project types, including hospitals and medical centers, corporate headquarters and commercial office buildings, higher education and PK-12 education facilities, hotels and hospitality, mixed-use, sports facilities, and science and research buildings. In 2017 and 2019, Fast Company named CannonDesign one of the 10 most innovative architecture firms in the world.



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • cannondesign-com.mail.protection.outlook.com.
TXT Records
Cloud / SaaS Services Detected
  • Atlassian
  • Microsoft 365
  • Miro
  • Parallels
  • LogMeIn
  • DocuSign
  • Have I Been Pwned
  • Zoom
