SHELL.COM

Group: clop

Discovered by ransomware.live: 2022-12-22

Estimated attack date: 2022-12-22

Description:

Shell Global



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse comlaude.com
  • ipladmin shell.com
  • shell.com-Tech anonymised.email
MX Records
  • shell-com.mail.protection.outlook.com.
TXT Records
  • v=spf1 exists:_i.%{i}._h.%{h}._o.%{o}._spf.shell.com include:_spf.shell.com include:_spf1.shell.com include:spf.protection.outlook.com include:_spf.salesforce.com -all
  • spf2.0/pra" "include:biggroup.trclient.com" "?all
Cloud / SaaS Services Detected
  • Adobe
  • Atlassian
  • Microsoft 365
  • Salesforce
  • Twilio
  • OneTrust
  • Cisco Duo
  • DocuSign
