
Kretek International

Group: royal

Discovered by ransomware.live: 2023-04-07

Estimated attack date: 2023-04-05

Description:

Kretek International, Inc is a number one importer, marketer, and distributor of specialty tobacco products to convenience, mass, and national retailers in the US. We are going to distribute the data of 70GB size we got from them. We have accounting, finance data, payment information, contracts, personal information (employees' info, addresses etc.), information about their projects and so on. Release coming soon.



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • d295669a.ess.barracudanetworks.com.
  • d295669b.ess.barracudanetworks.com.
TXT Records
  • sending_domain1029201=a7483497521a9af03e3450a92945f2ab73a37987ed2fa55f9418fbacaf4ce9cb
  • bkae63m2mmnudiqoniamereehp
  • google-site-verification=Faukabf4CTWxH54JVCbc1uh6_RUFAWSop9KhQEWPVbk
  • sending_domain1032091=05115a393e32f9dce03015fb41e931bab74801d89eb85d6126fa9c423eadbd0b
  • MS=E33C957A160CE37BDB93674F86DE7035EF024D0C
  • kretek-com.mail.protection.outlook.com
  • atlassian-domain-verification=VLALDF4qFiiGdn9V9Bm0YsHOaAxcmm2kWvaSkzwlY8lWNBHoabkY158E2lTj7OLW
  • plbbmrvkakq0kevu14d6p8pkfd
  • v=spf1 include:zcsend.net include:spf.protection.outlook.com ip4:209.215.196.2 ip4:209.215.196.8 include:spfcloud.letsignit.com include:sendgrid.net ~all
Cloud / SaaS Services Detected
  • Atlassian
  • SendGrid
