Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo EMERSON.COM

Group: clop

Discovered by ransomware.live: 2023-07-11

Estimated attack date: 2023-07-11

Description:

Emerson Global - Emerson

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 93

Compromised Users: 1132

Third Party Employee Credentials: 300

External Attack Surface: 154


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabuse cscglobal.com
MX Records
  • mxa-00300601.gslb.pphosted.com.
  • mxb-00300601.gslb.pphosted.com.
TXT Records
  • v=verifydomain MS=ms<55449BE3-56C1-4d44-A242-2B1C6E06770D>
  • drift-domain-verification=18c9db80f4f1b02755d08bb50b7f81ced5771b18fd709ef29911ec7d04f5b5b5
  • docusign=15a1dc46-efc2-4c20-83bd-dc07bdcce91e
  • ygdsvdqb41zdqh69hkns19zwzlxxhf9s
  • MS=ms36304165
  • ms-domain-verification=9fb5fe4f-40bd-4afd-bdc3-d29aec0bbe56
  • dtm-domain-verification=t8c0owf0fpbvu3qDMlCwo7dafbb51kHr1TmlCnbrmB8
  • google-site-verification=iN_Zf6SubRPgKi4inx3PPoSaf0n5o2r8n6GlONoSTSo
  • MS=ms15409228
  • MS=ms97059319
  • autodesk-domain-verification=ckL2Hhfwll4k8YkQ-sxD
  • ms-domain-verification=bc2c6b49-01a8-4795-970b-f6c5a63f7039
  • pardot948362=a3493a5cd784c48c9dbf6f6cb0a386c12741af68cf6b22ca5479a32742b6bcf8
  • MS=ms59172994
  • MS=ms37029122
  • mongodb-site-verification=zqD0q0LbSfJthZaBpfcLezrGLbiYitDQ
  • wrike-verification=MjY4ODQwNDpkZTdlNzc2MWZmMzViYjNhMThjNDg0ZTAzOGI2NTlhOGM0OTA3NGE0ZDc2MTA5MWU5ZTg0OTFjNjJmN2MyYzJm
  • meltwater_sso_20200421_t3-2732
  • wrike-verification=MjcyMTM3MTowMmU5MjRmZDQ4Y2YxODgxOWNlZWZmZjliYzY1ZDE1MTQ0NjU4OTY0ODhjZGI0MmQ5ZmMyNDM5NzFiMDg0Mjgy
  • make-domain-verification=fc19ab38-e91e-4d57-9b97-f24b77f858f4
  • apple-domain-verification=0LC3RVRyzvLE1icY
  • atlassian-domain-verification=WPHaHy3InKYtepoCKSq9t5Qslgq5nEymmmlSNJb74cULMcmcVPLzNVWp9u9ACEPG
  • smartsheet-site-validation=wjfhLHmh4cYhi1WsErY8mSGMUmMo_Sgu
  • onetrust-domain-verification=940765887ade4201a4c24492fa244391
  • docker-verification=1843c122-cdbe-4cee-a955-501c378ecbde
  • mongodb-site-verification=BqjQgqaOXnMRNXZHP8AeYPnH0Zq5EGeZ
  • 2CqWLk3jYC1kkyo3a+Jn50D3sj6HUC41oTwKBPveLId35/eQucpB3xttP8ht0rz9DlkHww/XYbLQiyYxdLhcRw==
  • atlassian-domain-verification=jPY2khghVVg4xibLHi9sLospmNwwfD/egSNPYh8knnIYDJ4U5Vp2/PC6g/UL/4w1
  • bw=DxHz7LEKmBp8yNzTnDpco1CTZgksRAWjxWlrbZiYXq72
  • xkgzgvlb6zjpx5yxvwrtgt19cfsf8cl6
  • traction-guest=1587ce44-a0e3-42e9-8ed6-ab39176b20c7
  • _qon25w7klomrikm0oovy1oyix16ndjp
  • ciscocidomainverification=4157b32101837d9ff88e7c171da4988d6a6a61342c57b704d5f7f1e67a68925c
  • v=spf1 " "include:%{ir}.%{v}.%{d}.spf.has.pphosted.com" " include:et._spf.pardot.com ~all
  • MS=ms12594487
  • Dynatrace-site-verification=89217b09-90fb-4ab2-9559-c1b5b2532c73__m83s9s8lg328ebtffn0b1i3cvo
  • ca3-6a86742d28da4b89b92bea254e52d0f6
  • rq7zhhsrp1p2rjf89yq2qtv9z0lyr85q
  • google-site-verification=RK6kLHi7fFTcQhU3mcOQonWJLKz9894Boq7T0sUR0KI
  • MS=ms69181525
  • adobe-idp-site-verification=54edae49b362c829d176d3ef9f7e3f45bb7dd9f99085432b5a17ed938fb38f57
  • sending_domain918843=089ffaaf583449a9c7d577c3a98278daba18016686b6578de8cc34ea08b99a14
  • infoblox-domain-mastery=2bec1c11b28dd94ccb2c20c4ec0a917961a15b82a63584dc746ca5c2ec796a22d5
  • onetrust-domain-verification=77b84320988145f4a31c43f9dc01fb2b
  • docusign=1cc5721a-0202-4c50-b4ae-415457a1547c
  • ms-domain-verification=1311b50e-37bd-4791-9f07-157f3d4459da
  • onetrust-domain-verification=5522b3362730477a879338b39e5fd451
Cloud / SaaS Services Detected
Adobe Apple Atlassian Microsoft 365 Salesforce Autodesk OneTrust DocuSign Proofpoint

Leak Screenshot:

Leak Screenshot