Fred Hutchinson Cancer Research Center

Group: hunters

Discovered by ransomware.live: 2023-12-15

Estimated attack date: 2023-12-15

Country: US

Description:

Country: United States of America - Exfiltrated data: yes - Encrypted data: no


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 0

Compromised Users: 32

Third Party Employee Credentials: 1


External Attack Surface: 13



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • mxa-00225001.gslb.pphosted.com.
  • mxb-00225001.gslb.pphosted.com.
Cloud / SaaS Services Detected
Adobe Apple Amazon SES/WorkMail Microsoft 365 Miro Cisco DocuSign Proofpoint
