NASCO.COM
NASCO.COM
Group: clop
Discovered by ransomware.live: 2023-07-12
Estimated attack date: 2023-07-12
Description:
NASCO – NASCO is a healthcare company dedicated to co-creating digital health solutions for Blue Cross and Blue Shield companies.
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 6
Compromised Users: 32
Third Party Employee Credentials: 2
External Attack Surface: 6
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- domain.operations web.com
MX Records
- mx.usa.net.
- mx.ct.mbox.net.
TXT Records
- pardot105432=2561f54c750068a83589c3240152ce41192a6f4795cae1dc3a78bbae1b5afdc3
- duo_sso_verification=DlABwD8bPcIsMu3T3ejWGWjOT7IKMLKPO6APK4EsaWVHbytXpnXdCEcwKzoEXUSn
- google-site-verification=HTZRdzgbHOPhce5gk6ZzgWGTIbxqBg9NiuiF8zkcS7Y
- cloudhealth=8edb3e67-0520-44ee-8992-65a58702d468
- v=spf1 a mx ip4:18.208.102.98 ip4:35.170.128.37 ip4:4.31.69.152 ip4:4.31.69.153 include:aspmx.pardot.com include:spf.usa.net include:22331523.spf02.hubspotemail.net ~all
- _globalsign-domain-verification=FkYUUSU-u5X_D3giiaw10eou45Hypdwsy_sylh2zJu
- 9laBTS0T3OTXebEqXiT5eznQHyraLVKF59ltuqpGv9mvxwmWo0XjiyZG0FbR/GjH6V+84gGDuIhNtMJqbgeazw==
- pardot_105432_*=d6b1d2e201e8c9167083a3626f4083618c8caad0ba5c8b97768d4a1fcd45cdd3
- MS=E0D222F87A208B806CB4D2FE77B0BA228B08673F
- MS=ms89535494
- cisco-ci-domain-verification=17038e6fdaa2ea19d04736425e4aa7fb8df7e058d13b223b2322e4f59b132b83
- C5C8-A3E4-0ADB-774A-DC93-DF76-1472-20CF
Cloud / SaaS Services Detected
HubSpot
Microsoft 365
Salesforce
Cisco
Cisco Duo
Leak Screenshot:
