
Group: termite

Discovered by ransomware.live: 2024-11-17

Estimated attack date: 2024-11-12

Country: OM

Description:

OQ, formerly known as Oman Oil Company, is an energy investment company headquartered in Muscat, Oman.


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 14

Compromised Users: 203

Third Party Employee Credentials: 43


External Attack Surface: 50



DNS Records:

The following DNS records were found for the victim's domain. The MX records show where inbound mail is delivered (Exchange Online Protection, with a Trend Micro Email Security host as a second route); the TXT records carry the SPF sender policy, two obsolete Sender ID (spf2.0/pra) records, and the domain-verification tokens from which the cloud and SaaS services listed below are inferred.

WHOIS Emails
  • abuse@godaddy.com
MX Records
  • oq-com.mail.protection.outlook.com.
  • oq-hq.in.tmes.trendmicro.eu.
TXT Records
  • ekogjcedsgdujptv1qduqcgfqc
  • atlassian-domain-verification=Gl8C/SlmVYqFQ8YenItkQl6kVBL3czJMIp3vYT1naa3Mo1UU4gfmUHZK3GWQrhwR
  • v=spf1 ip4:212.72.7.93 ip4:212.72.7.94 ip4:150.105.185.150 ip4:150.105.217.150 ip4:155.56.221.13 ip4:155.56.221.14 ip4:185.64.24.194 ip4:151.253.41.52 ip4:195.62.103.64/26 ip4:87.193.176.32/27 ip4:170.56.59.87 ip4:170.56.59.88 ip4:76.74.49.91 ip4:76.74.49.92 ip4:50.23.88.130 ip4:50.22.12.134 ip4:157.133.239.218 ip4:157.133.239.219 ip4:185.64.27.2 ip4:5.37.60.130 ip4:85.154.243.118 ip4:85.154.247.158 ip4:130.214.193.83 ip4:130.214.193.93 ip4:130.214.193.78 ip4:130.214.193.85 ip4:85.154.22.66 ip4:96.9.152.28 ip4:82.178.124.206 ip4:3.64.170.167 ip4:3.69.195.103 ip4:3.68.176.248 ip4:3.121.49.211 ip4:18.197.219.60 ip4:3.70.38.84 ip4:3.70.38.218 ip4:18.196.206.8 ip4:3.65.185.47 ip4:3.73.109.100 ip4:3.73.8.210 ip4:52.59.18.183 ip4:3.126.45.133 ip4:52.28.56.202 ip4:3.126.95.250 ip4:3.67.200.70 ip4:46.40.203.60 include:spf.protection.outlook.com include:spf.tmes.trendmicro.com include:_spf.psm.knowbe4.com include:spf.mandrillapp.com include:spf-westeu.emailsignatures365.com include:msg-out._spf.f24cim.com" "tures365.com -all
  • ZOOM_verify_HqFWfR4oT3uGlvpMsD93WQ
  • 477419mn6pnx5yq1rlnjhhhy83sl6jm3
  • google-site-verification=udq0HC77Ke4UKZpycHzJjPdAJTQEJuUFc_gyOczyVzY
  • tmes=ab3ed26c29cec35b38c357b9026b2fa8
  • mBXheqXyslMmX5fKFE/GuF2IgJ+edGzuoKhZB6CllshF4HZ++ylAjCCwxqSN2Zz4KB/QpT2e1M81fgbq5o98Mw==
  • google-site-verification=L-B2sL4-2fK8fshDaL2CosC8B5IOZd3h9o7CBJCJ1yU
  • spf2.0/pra mx ip4:157.133.239.219 ~all
  • g64m3rlcblzhhggyndky3d3tg53xd33q
  • O0M0A51616
  • cisco-ci-domain-verification=66e18f12fde475fb7a2138fd642fde8d982887f14305eadd433f0d701f4f9e45
  • _ioc2joiw99ni7vrkwzxadtc8790x8hq
  • spf2.0/pra mx ip4:157.133.239.218 ~all
Cloud / SaaS Services Detected
  • Atlassian
  • KnowBe4
  • Mandrill
  • Cisco
  • Zoom
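The service list above is derived from the TXT records: each vendor's domain-verification token has a recognisable prefix, and each SPF include: names a third party allowed to send mail as the domain. The script below, an added example and not ransomware.live or Hudson Rock code, performs that inference on a constructed copy of the records listed above (SPF ip4 list shortened) and also audits the SPF record itself. The vendor tables are assumptions limited to the patterns visible on this page. The record join matters because an SPF record longer than 255 octets arrives as several quoted strings, exactly as the record above is shown, and they must be concatenated before parsing or the terms at the boundaries come out as garbage.

```python
# Added example, not ransomware.live or Hudson Rock code. Vendor tables and the
# sample records below are assumptions modelled on the TXT records listed above.
import re
from ipaddress import ip_network

SAMPLE_TXT_RECORDS = [  # constructed input, as dig prints it; ip4 list shortened
    '"v=spf1 ip4:212.72.7.93 ip4:195.62.103.64/26 ip4:76.74.49" ".92 '
    'ip4:3.126.95.250 include:spf.protection.outlook.com '
    'include:spf.tmes.trendmicro.com include:_spf.psm.knowbe4.com '
    'include:spf.mandrillapp.com -all"',
    '"atlassian-domain-verification=Gl8C/SlmVYqFQ8YenItkQl6kVBL3czJMIp3vYT1naa3Mo1UU4gfmUHZK3GWQrhwR"',
    '"ZOOM_verify_HqFWfR4oT3uGlvpMsD93WQ"',
    '"google-site-verification=udq0HC77Ke4UKZpycHzJjPdAJTQEJuUFc_gyOczyVzY"',
    '"tmes=ab3ed26c29cec35b38c357b9026b2fa8"',
    '"cisco-ci-domain-verification=66e18f12fde475fb7a2138fd642fde8d982887f14305eadd433f0d701f4f9e45"',
    '"spf2.0/pra mx ip4:157.133.239.219 ~all"',  # Sender ID, not SPF: ignored
    '"477419mn6pnx5yq1rlnjhhhy83sl6jm3"',        # opaque token, vendor unknown
]

VERIFICATION_PREFIXES = {  # assumed token-prefix -> vendor mapping
    "atlassian-domain-verification=": "Atlassian",
    "google-site-verification=": "Google",
    "ZOOM_verify_": "Zoom",
    "cisco-ci-domain-verification=": "Cisco",
    "tmes=": "Trend Micro",
}
INCLUDE_VENDORS = {  # assumed SPF include: target -> authorised sender
    "spf.protection.outlook.com": "Microsoft 365",
    "spf.tmes.trendmicro.com": "Trend Micro",
    "_spf.psm.knowbe4.com": "KnowBe4",
    "spf.mandrillapp.com": "Mandrill",
}
# Terms that each cost one of the 10 DNS lookups allowed per SPF evaluation
# (RFC 7208 section 4.6.4); ip4/ip6/all are free.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def join_txt_strings(raw):
    """Concatenate the quoted strings of one TXT answer with no separator.

    RDATA over 255 octets is split into several strings and the evaluator
    joins them (RFC 7208 section 3.3): '"ip4:76.74.49" ".92"' is one term,
    ip4:76.74.49.92, not two fragments.
    """
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', raw)
    return "".join(parts) if parts else raw


def parse_spf(record):
    """Split an SPF record into terms and collect what an auditor checks."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    r = {"ip4": [], "includes": [], "invalid": [], "lookups": 0, "all": None}
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?")
        name = re.split(r"[:/=]", mech, maxsplit=1)[0].lower()
        if name in LOOKUP_TERMS:
            r["lookups"] += 1
        if name == "all":
            r["all"] = qualifier
        elif name == "ip4":
            try:  # a fragment left by an unjoined TXT string fails here
                r["ip4"].append(str(ip_network(mech[4:], strict=False)))
            except ValueError:
                r["invalid"].append(term)
        elif name == "include":
            r["includes"].append(mech[8:].lower())
    r["addresses"] = sum(ip_network(n).num_addresses for n in r["ip4"])
    return r


def detect_saas(txt_records):
    """Map verification tokens and SPF include: targets to vendor names."""
    found = set()
    for raw in txt_records:
        rec = join_txt_strings(raw)
        found.update(v for p, v in VERIFICATION_PREFIXES.items() if rec.startswith(p))
        if rec.lower().startswith("v=spf1"):
            found.update(INCLUDE_VENDORS[i] for i in parse_spf(rec)["includes"]
                         if i in INCLUDE_VENDORS)
    return found


def spf_findings(txt_records):
    """Audit notes for the first SPF record among the TXT answers."""
    spf = next((parse_spf(r) for r in map(join_txt_strings, txt_records)
                if r.lower().startswith("v=spf1")), None)
    if spf is None:
        return ["no SPF record"]
    notes = ["%d ip4 networks covering %d addresses" % (len(spf["ip4"]), spf["addresses"]),
             "%d lookup-consuming terms before recursing into includes" % spf["lookups"]]
    if spf["lookups"] > 10:
        notes.append("over the 10-lookup limit: evaluators return permerror")
    if spf["all"] != "-":
        notes.append("all qualifier is %r, not a hard fail" % spf["all"])
    if spf["invalid"]:
        notes.append("unparseable terms (unjoined strings?): " + ", ".join(spf["invalid"]))
    return notes


if __name__ == "__main__":
    print(sorted(detect_saas(SAMPLE_TXT_RECORDS)))
    print("\n".join(spf_findings(SAMPLE_TXT_RECORDS)))
```

Two points worth checking on the real record rather than the sample: it carries six include: mechanisms, each costing one of the ten DNS lookups RFC 7208 permits before the included records are themselves recursed into, so the effective count is higher than six; and the copy above is garbled at its tail (the last string fragment does not join cleanly), so evaluate a fresh answer from DNS rather than the listed text. The spf2.0/pra records are the obsolete Sender ID mechanism, which is why the script ignores them.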

Leak Screenshot: image not included