RIOTINTO.COM

Group: clop

Discovered by ransomware.live: 2023-03-16

Estimated attack date: 2023-03-16



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabuse cscglobal.com
MX Records
  • riotinto-com.mail.protection.outlook.com.
TXT Records
Cloud / SaaS Services Detected
  • Adobe
  • Apple
  • Atlassian
  • Microsoft 365
  • Salesforce
  • Miro
  • Mandrill
  • DocuSign
