Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks


Group Play
Discovered 2023-09-18 20:45 UTC
Est. attack date 2023-09-18
Country US

Description:

Arizona, United States

Infostealer activity detected by HudsonRock

Compromised Employees: 0

Compromised Users: 10

Third Party Employee Credentials: 1


External Attack Surface: 1


Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • a247b2c06dab71afd6c077a32810f8785d6bf5c8a03460e0d2b91c20bfab74a1rtafleet.com.whoisproxy.org
  • a247b2c06dab71afd6c077a32810f8781ae32f9488d7c32debf2a1fdc68b9bbfrtafleet.com.whoisproxy.org
  • a247b2c06dab71afd6c077a32810f878963e1835c48e3b5e392cc34cd5f671b9rtafleet.com.whoisproxy.org
  • a247b2c06dab71afd6c077a32810f878598c902f499ebdbba5219536c09e187brtafleet.com.whoisproxy.org
  • trustandsafetysupport.aws.com
MX Records
  • rtafleet-com.mail.protection.outlook.com. Microsoft 365
TXT Records
  • stripe-verification=33f04b2d3ab2ce1bcdf05d73ac6e54ce2b4d4061029040ff37970dac0ff82cae
  • v=spf1 include:_spf.rtafleet_com._d.easydmarc.pro ~all
  • ZOOM_verify_IdDMccr63TSKQPOc64MpGK
  • anthropic-domain-verification-gv6zr4=JLtKa4KDXO4WXFWyM0MtMRJcv
  • apple-domain-verification=yA39qS8rfeS9nC8D
  • firebase=xerifleet
  • google-site-verification=KKIGPxoB9El8NTAy6oarROjx7j8MenEOITCsJZNfBQc
  • google-site-verification=Lnzzf5rL48i8NqkJJOguu7BXUow2BzRvdeJRGWBBJs0
  • google-site-verification=_z2ltKr940s1QWGnqrLovjdK_G-WgeWi3xYz_vKxxvQ
Cloud / SaaS Services Detected
Apple Stripe Anthropic Zoom

Leak Screenshot:

Leak Screenshot