Hey cisco!

Group: hellogookie

Discovered by ransomware.live: 2024-04-19

Estimated attack date: 2024-04-19

Country: US

Description:

You lied to us and play for time to kick us out. We will meet you soon, again. Next time you'll have no chance. cisco.com\Administrator:500:aad3b435b51404eeaad3b435b51404ee:4e0de2e548880cd48c588f1391fa6386::: cisco.com\carriep:12342831:aad3b435b5140...


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 556

Compromised Users: 332412

Third Party Employee Credentials: 1053


External Attack Surface: 200



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abusecomplaints markmonitor.com
  • infosec cisco.com
  • whoisrequest markmonitor.com
MX Records
  • rcdn-mx-01.cisco.com.
  • aer-mx-01.cisco.com.
  • alln-mx-01.cisco.com.
TXT Records
  • v=spf1 redirect=spfa._spf.cisco.com
Cloud / SaaS Services Detected
  • Adobe
  • Apple
  • Atlassian
  • Amazon SES/WorkMail
  • Microsoft 365
  • Stripe
  • Twilio
  • Miro
  • Flexera
  • JamF
  • Cisco Duo
  • DocuSign
  • Zoom
