Xerox Corp
Xerox Corp
Group: Incransom
Discovered by ransomware.live: 2023-12-30
Estimated attack date: 2023-12-29
Country:
Description:
Xerox Corporation provides document management solutions worldwide. The companys Document Technology segment offers desktop monochrome and color printers, multifunction printers, copiers, digital...
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 507
Compromised Users: 4068
Third Party Employee Credentials: 237
External Attack Surface: 200
Infostealer Distribution
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- abusecomplaints markmonitor.com
- whoisrequest markmonitor.com
MX Records
- mx1.xerox.iphmx.com.
- mx2.xerox.iphmx.com.
TXT Records
- 6ZpwCG3DkW/sI5iW0PrECx4iSQF1Yj2rC2USrsT7LaZ0wVbb70bfJXyLDVRZEDRwMRPij/duzfFcwX9EjJ1Ylw==
- globalsign-domain-verification=cce2fca7f88257f0e256f0c3ef70177f
- jamf-site-verification=06aiArdDOtB10ORj1dSClQ
- google-site-verification=Ggk7Rg_jFyfh5yiNssP4KvydqZZIYntXYGsDmCyHUQg
- google-site-verification=FTZ_4d8T6qx3IXTiRaK4xnIRRe3k23DJhm802IUTlhM
- apple-domain-verification=yGDgIeYqDyfSbtrX
- google-site-verification=i70agOHhpDybanmNYjbgvtz68pnSNAVNhCoq8sOnPDA
- Dynatrace-site-verification=2c111e48-3773-4f10-bacd-ef1aac74947b__pqs79pq5uhf5sf2mm83lal92o6
- monday-com-verification=RTIiflOQpEiCwByU2cwHWjvvaCVVwNjprLV1vSDuM-U
- MS=ms69937247
- atlassian-domain-verification=xNjY3El5LXbHIIFbfZKQaBxidFMyigI0zC9hFFF72Bqc7gEndCemG9Tmkuv2AisI
- google-site-verification=SqEDLxkH1C2tIoVfcgUK5IPPplF7H9Q4PDXSLBQ_mSY
- google-site-verification=_TXJIUt1VESW6hNVUMWXjP6LY2Rhm3KXDqG622PjcsQ
- h1-domain-verification=u798srhkHsguWuuKJ9jEF7jaY8rMRvo1jEGp3jAG83kBZdZN
- globalsign-domain-verification=91E33A0C7638872C1CF950E2A564F01F
- webexdomainverification.LS2L=3821c6b9-1edb-4162-9305-cf6fac2d2d9a
- webexdomainverification.4C675B8BD27FB136E053AB06FC0A3F65=e072993c-c14a-4a6f-8942-47788297c063
- pandadoc-domain-verification=GTffXF2BZ7C9TzT2TMPfVR
- atlassian-domain-verification=iHnC7jWGpEexY0C6pniDayOYavXl51LXTWY8Qz2GS8ZA02Y7crYUu7y8Gy2WLcWK
- google-site-verification=6XsB1W-0Zx4r_yjEzo7NYJ6EbSkrsOMucak3mRPj2P4
- adobe-sign-verification=eca014782328d616b400ba2dc33ee480
- amazonses:BbvpRIWAvvVQijs0zvbkm5hWu9pJ9sRS/R3fnguzUp4=
- google-site-verification=gIiGv288UuyOWc6MRrRJNI9ZX96wxqBbsdxIv3gAGZQ
- CKIOJONMZT._autotask.xerox.com
- v=spf1 include:_iphmx.xerox.com include:_iphmx2.xerox.com include:spf.protection.outlook.com include:spf.constantcontact.com include:_spf.salesforce.com include:nw026.com include:mail.zendesk.com include:autotask.net " "ip4:141.193.184.64/26 ip4:141.193.185.128/25 ip4:18.208.124.128/25 ip4:141.193.184.128/25 ip4:141.193.185.64/26 ip4:158.247.16.0/20 ip4:3.93.157.0/24 ip4:216.139.64.0/19 ip4:108.179.144.0/20 ip4:54.174.60.0/23 ip4:143.244.80.0/20 ip4:54.174.59.0/24 " "ip4:54.174.63.0/24 ip4:3.210.190.0/24 ip4:141.193.184.32/27 ip4:54.174.52.0/24 ip4:139.180.17.0/24 ip4:141.193.185.32/27 ip4:54.174.57.0/24 ~all
- cisco-ci-domain-verification=5189f93c6104ca078b704b53bbda5c79ee635e479431967841b7f1ceed59577e
- docusign=5b38208c-1f25-41e8-a5bd-9acc7050060b
- globalsign-domain-verification=404484575de68de025ead67e61bdd594
- webexdomainverification.4C675B8BD27DB136E053AB06FC0A3F65=f46c9f8f-27fe-4399-a063-46798885439c
- umacf5dltsUy81OlT14W8R76dh5dLxGs/B3p3YRVQGsuDXbu/pIu9MWmZ9TJgM9tWwYaPwl8Ndrf6Hqqed4Lew==
- webexdomainverification.4d2abde4da5011c7e053ad06fc0ab17f=1023409a-d0d8-4e32-aa93-c802970feb53
- google-site-verification=AG7vu8mYz2Mjd2OxV2jMmHRT5RLlI3vfZ4Pwzx_eXyo
Cloud / SaaS Services Detected
Apple
Atlassian
Amazon SES/WorkMail
Microsoft 365
Salesforce
Zendesk
JamF
Cisco
DocuSign
Cisco Webex
Leak Screenshot:
