
ITT.COM

Group: clop

Discovered by ransomware.live: 2023-07-19

Estimated attack date: 2023-07-19

Description:

Home - ITT Inc.


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 9

Compromised Users: 13

Third Party Employee Credentials: 14


External Attack Surface: 13



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabuse@cscglobal.com
MX Records
  • mx1.hc2313-10.iphmx.com.
  • mx2.hc2313-10.iphmx.com.
TXT Records
  • v=spf1 exists:%{i}.spf.hc2313-10.iphmx.com mx a:email.itt.com ip4:199.253.126.5 include:spf.protection.outlook.com include:spf.braintreegateway.com -all
  • duo_sso_verification=yOqUeEgoL0bTGqcv9wPUV7VU4pNxWV9mk83fYxDAdNaxLSF2O55LcavDYCUedg7z
  • zvbt75z.ng.impervadns.net
  • atlassian-domain-verification=d8tAjOZaIN088mIROSrQYrnedO6nGPf7lm4KbMjdkuZeH8D0fbNKup7Huyh11NFJ
  • 9CpzIHJTQBHshVgsePik5lhFzsKEloyLMHTDzlbSbrytfYnpneBV2s7cGcyaJ3CmhzCFz3VZtkI/qhM6PSaEIw==
  • ciscocidomainverification=722f6e004aff4ad1941d108b8647a80510033906eb225ac48ef5843284dcc089
  • docusign=0b8301ee-e6e7-4ffe-91d5-09a17c038284
  • docusign=a848c6de-9589-4d62-9349-03afa087cd77
Cloud / SaaS Services Detected
Atlassian Cisco Duo DocuSign
