gocco.com

Group: cactus

Discovered by ransomware.live: 2024-02-06

Estimated attack date: 2024-01-19

Country: ES

Description:

Download link #1: https://***************.onion/GOCCO/PROOF

Mirror: https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/GOCCO/PROOF


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 0

Compromised Users: 4

Third Party Employee Credentials: 1


External Attack Surface: 3



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse ascio.com
MX Records
  • gocco-com.mail.protection.outlook.com.
TXT Records
  • MS=ms68610612
  • atlassian-domain-verification=Dw/4zHyNHKxscIPDbKNP1HIHnzTedqQGMoiwBzd1Etx4/kZmDAolkoLcraYwUZD0
  • google-site-verification=11ivoJL0EnOs6yssnwY9shnqUZd6iFROds1TEK8jLZ0
  • google-site-verification=4l6d_gnCxAJSeXC1UBIfLneTTUZ2IEjyl8w6F6k_K-0
  • google-site-verification=DOtP3PHEbBxOhSV9LBBdX76IaLZrdczmz9_ORHSgCkI
  • google-site-verification=zHCXbECMzTPkZ8HOlk0Wm6BAzKRrYx7xMPglMfdEscI
  • v=spf1 a mx ip4:180.72.100.0/24 ip4:180.20.111.0/24 include:mail.zendesk.com include:_spf.jupiter.salesmanago.pl include:_spf.atlassian.net include:spf.protection.outlook.com a:production.eu01.gocco.demandware.net -all
  • 1password-site-verification=GV5DFXYVGRBEZKHVXUEIVHM54M
Cloud / SaaS Services Detected
  • Atlassian
  • Microsoft 365
  • Zendesk
