ITO EN
ITO EN
Group: play
Discovered by ransomware.live: 2024-12-05
Estimated attack date: 2024-11-22
Country:
Description:
Japan
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 2
Compromised Users: 106
Third Party Employee Credentials: 0
External Attack Surface: 30
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- No emails found.
MX Records
- itoen-co-jp.mail.protection.outlook.com.
TXT Records
- v=spf1 ip4:18.182.71.148 ip4:52.194.202.86 ip4:202.218.77.23 ip4:202.218.77.24 ip4:202.218.77.25 ip4:202.218.77.26 ip4:202.218.77.28 ip4:202.218.77.29 ip4:202.218.77.31 ip4:202.218.77.32 ip4:202.218.77.33 ip4:202.218.77.34 ip4:202.218.77.36 " "ip4:202.218.77.37 ip4:203.104.244.88/29 ip4:203.104.244.96/29 ip4:203.104.244.104/29 ip4:203.104.244.120/29 ip4:13.113.128.80 ip4:18.181.129.93 ip4:202.32.114.11 ip4:202.32.114.12 ip4:210.152.23.0/24 ip4:61.120.196.9 ip4:202.32.58.20 ip4:202.32.58.21 " "ip4:210.160.31.28 include:spf.protection.outlook.com include:ap.rp.oracleemaildelivery.com include:spfgw.fsi.ne.jp include:spf.espar.biz include:chohyo-bpo8.bk.mufg.jp include:mail.itoen.co.jp include:webcas.net ~all
- globalsign-domain-verification=ZsWwk91gBWenMphGrll3g5bW-1gWWlj6WXKk-WL5PV
Cloud / SaaS Services Detected
No well-known cloud or SaaS service detected.
Leak Screenshot:
