Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo ctsystem.com

Group: Cactus

Discovered by ransomware.live: 2024-06-10

Estimated attack date: 2024-05-28

Country: TW

Description:

Download link #1:  https://***************.onion/CTSYSTEM/PROOF/Mirror: https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/CTSYSTEM/PROOF/DATA DESCRIPTIONS: Corporate confidential data, engineering documents, financial data, customer information, personal identification documents, database backups, etc.

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 0

Compromised Users: 1

Third Party Employee Credentials: 2

External Attack Surface: 0


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • spam.ctsystem.com.
  • mail.simpnic.com.
TXT Records
  • v=spf1 ip4:59.124.14.91 ip4:60.248.141.193 ip6:fe80::4d50:951b:ce75:c2f1 include:_spf.willap.jp ~all
  • google-site-verification=LSZu_RdsRSIgMTwJ8J1VLvaWNv2NuCsg5nhAt-4uN1w
  • MS=ms59659318
  • google-site-verification=z4Lhr8-b73700SsNvzB8ly7bLpaaUiWRylVqbyfrzUk
Cloud / SaaS Services Detected
Microsoft 365

Leak Screenshot:

Leak Screenshot