
LoanDepot

Group: alphv

Discovered by ransomware.live: 2024-02-16

Estimated attack date: 2024-02-16

Country: US

Description:

LoanDepot is an Irvine, California-based nonbank holding company that sells mortgage and non-mortgage lending products.


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 3

Compromised Users: 561

Third Party Employee Credentials: 8


External Attack Surface: 70



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • mxb-005def01.gslb.pphosted.com.
  • mxa-005def01.gslb.pphosted.com.
TXT Records
  • v=spf1 ip4:12.168.158.48/28 ip4:208.90.0.0/21 include:spf.emailsignatures365.com include:spf.protection.outlook.com include:spf-005def01.pphosted.com include:mail.zendesk.com include:_spf.explore-blue.com " "include:_spf2.loandepot.com include:_spf3.loandepot.com include:_spf4.loandepot.com include:_spf5.loandepot.com include:_spf6.loandepot.com -all
Cloud / SaaS Services Detected
  • Apple
  • Atlassian
  • Amazon SES/WorkMail
  • Microsoft 365
  • Zendesk
  • Miro
  • JamF
  • DocuSign
  • Proofpoint
  • Zoom
