Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo Ducont

Group: hunters

Discovered by ransomware.live: 2024-02-08

Estimated attack date: 2024-02-08

Country: US

Description:

Country : United States of America - Exfiltraded data : yes - Encrypted data : yes

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 6

Compromised Users: 10

Third Party Employee Credentials: 15

External Attack Surface: 11


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabuse global-village.de
  • domreg global-village.de
  • 8egbhur8gk8hka8ip26j7kpk forwarder.address-verification.info
  • yinveqbxvffey5akk4p3eccf forwarder.address-verification.info
  • mb3ebeyyrfi5y8p8vp2bz2dw forwarder.address-verification.info
  • gdp45kttkekbshme2wyw6j7i forwarder.address-verification.info
MX Records
  • ducont-com.mail.protection.outlook.com.
TXT Records
  • 6ue9oin2hinnj95qsj38du4nqn
  • e8fr7h3uh2pqo10qhv6k4nbq38
  • v=spf1 ip4:213.132.55.110 ip4:213.132.55.111 ip4:61.95.186.64 ip4:217.165.17.241 ip4:115.247.148.190 ip4:125.21.18.118 include:spf.protection.outlook.com include:amazonses.com include:mail.zohopayroll.in include:zcsend.in -all
  • MS=85812FB0E2BC6608622794B0ABD52BC2598D8A94
  • zoho-verification=zb54282574.zmverify.zoho.com
Cloud / SaaS Services Detected
Amazon SES/WorkMail Zoho Campaigns

Leak Screenshot:

Leak Screenshot