Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

QUALYS.COM

qualys.com

Group Clop
Discovered 2022-12-22 20:02 UTC
Est. attack date 2022-12-22

Description:

IT Security and Compliance Platform - Qualys, Inc.

Infostealer activity detected by HudsonRock

Compromised Employees: 17

Compromised Users: 885

Third Party Employee Credentials: 18


External Attack Surface: 124


Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • whoisrequestmarkmonitor.com
  • abusecomplaintsmarkmonitor.com
MX Records
  • mxb-001ca501.gslb.pphosted.com. Proofpoint
  • mxa-001ca501.gslb.pphosted.com. Proofpoint
TXT Records
  • amazonses:52zpbg9AZ79pVhI2DN6o3ktTYwXDLU7ZihPBlVgxqCI=
  • bw=TFm5ajlDItNuhAdXC3493F5xzqaSsNBbqG4KRb0Wm0MY
  • logmein-verification-code=014af187-7246-4d2d-8a85-431807e3d7e3
  • google-site-verification=hCxTZ5owBADG1HLD13KAkQMUv6shnYCKLiCtchngm8U
  • docker-verification=f9c04f5b-7768-4358-a4ff-a4facb1c8c27
  • canva-site-verification=BYn3WqhUur0afyZ9xBJUeg
  • MS=ms92383932
  • _fb8h4qx85nn33nb9s4mqemnm2gh7ryl
  • webexdomainverification.4C675B87F812B136E053AB06FC0A3F65=6e7b27ee-8d9b-4af5-b8e2-65667dc74a92
  • zoom-domain-verification=9a72f3b8-2853-40e8-add4-3cbf627e7b66
  • hknh1rmgcl03xtqh5jst4p3flvkv12fm
  • _5fvhz4aiviixnbvukkiwrez7zdfx685
  • v=spf1 include:_spf.qualys.com include:spf.protection.outlook.com include:spf-001ca501.pphosted.com include:stspg-customer.com include:_spf.salesforce.com include:_spf_marketing.qualys.com ~all
  • _fa83uemuby07hs0fydcn178yxo23acx
  • cisco-ci-domain-verification=33e6cbafea8793e47611c31671049327a9bb6c5bba761db0e79518003a100d0c
  • adobe-idp-site-verification=5c1a2d4ada5ed7c7aab44b90e8597d808380fb65309737829a4e383882899308
  • drift-domain-verification=24fd1247fa21a8ab14f547be3d4ebc8488c5eb39250ece56c034898ba5b61a7e
  • anthropic-domain-verification-t6v3nh=2ySsfbhzeFn2VMeykoP30C5F3
  • apple-domain-verification=3j5alePSrMxpNaPg
  • docusign=de3a989a-16fe-4474-a1ee-2d5c3eab1ba8
  • status-page-domain-verification=zg9489n2xc2t
  • drift-domain-verification=38f8e2fc6cbc44dad91845ac674d17472059f90696a38dcabaf5840d36d17ddd
  • google-site-verification=XNVD1zTcieHZlUmqdbQCsV7oUgIBvtB5Udq2Wqx6RXM
  • _nx7ewg0spc1brs9mi0fl86wzytqswlf
  • onetrust-domain-verification=2d5205b91d63466c80c49e80efa2a54c
Cloud / SaaS Services Detected
Adobe Apple Amazon SES/WorkMail Docker Microsoft 365 Salesforce Anthropic LogMeIn Cisco OneTrust DocuSign Proofpoint Cisco Webex

Leak Screenshot:

Leak Screenshot