
Iris Neofinanciera

Group: crypto24

Discovered by ransomware.live: 2025-04-08

Estimated attack date: 2025-04-08

Country: CO

Description:

All files of Google Drives, Google chatting data, workmanager documents (for last 5 years), SQL DBs and personal information of clients and staffs.


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 0

Compromised Users: 41

Third Party Employee Credentials: 0


External Attack Surface: 9




DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse@godaddy.com
MX Records
  • alt1.aspmx.l.google.com.
  • alt2.aspmx.l.google.com.
  • aspmx.l.google.com.
  • alt3.aspmx.l.google.com.
  • alt4.aspmx.l.google.com.
TXT Records
  • MS=ms19013378
  • PDQ-587347
  • google-site-verification=2oWHTrdS6ZDHjBm6vwtpo-STQvs5d8nMnATYtPp3ZvI
  • rrsrkw9w3xgkt1wbl6r9dm80zcypgkpg
  • v=spf1 ip4:190.145.230.210 ip4:54.227.34.182 include:_spf.google.com include:zcsend.net include:spf.zoho.com include:transmail.net include:amazonses.com include:email-od.com ~all
  • 5nbdf0zx3bp42d57sd3yjkt2m37shybh
Cloud / SaaS Services Detected
  • Amazon SES/WorkMail
  • Microsoft 365
  • Zoho Campaigns