Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo ctgbrands.com

Group: cactus

Discovered by ransomware.live: 2024-06-10

Estimated attack date: 2024-05-28

Country: US

Description:

Download link #1:  https://***************.onion/CANASIA/PROOF/Mirror: https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/CANASIA/PROOF/DATA DESCRIPTIONS: Personal identifiable information, corporate confidential data, corporate correspondence, employees and executives personal files, financial documents, customer information, database backups, etc.

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 1

Compromised Users: 13

Third Party Employee Credentials: 15

External Attack Surface: 1


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • ctgbrands-com.mail.protection.outlook.com.
TXT Records
  • v=spf1 a:ctgbrands.com ip4:23.251.224.0/19 ip4:207.245.232.194 ip4:207.245.232.197 ip4:150.10.0.0/23 ip4:172.20.2.0/24 include:spf.protection.outlook.com include:spf.mandrillapp.com include:mcdlv.net include:rsgsv.net include:sent-via.netsuite.com ~all
  • 50x43llc26h4jc72qmztcmlg5dpyl6t1
  • MS=ms49336646
  • MS=5716D6F6E29837434EA01ED726C9D6279DB894B5
  • v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB;
  • ch3029i1t633j1m6lecqhp9rh1
Cloud / SaaS Services Detected
Microsoft 365 Mandrill

Leak Screenshot:

Leak Screenshot