Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo daystar.com

Group: cactus

Discovered by ransomware.live: 2024-06-23

Estimated attack date: 2024-05-02

Country: US

Description:

Download link #1:  https://***************.onion/DAYSTARTV/PROOF/Mirror: https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/DAYSTARTV/PROOF/DATA DESCRIPTIONS: Personal identifiable information, corporate confidential documents, financial data, personnel information, employees personal files, legal documents, corporate correspondence, etc.

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 1

Compromised Users: 9

Third Party Employee Credentials: 0

External Attack Surface: 2


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • usb-smtp-inbound-2.mimecast.com.
  • usb-smtp-inbound-1.mimecast.com.
TXT Records
  • MS=ms95311346
  • google-site-verification=Z7X1kmYExUwNg5NzNy0DG-hGp0Fe4im_-GwrX8pCv4s
  • google-site-verification=bNO8SN-LQTZpF-NmuQbT2Uy8Kn_JlnV8n-knHW1W-bc
  • v=spf1 include:mail.zendesk.com include:sendgrid.net include:servers.mcsv.net ip4:63.147.112.89 include:spf.protection.outlook.com include:6143543.spf02.hubspotemail.net include:usb._netblocks.mimecast.com include:_spf.salesforce.com ~all
  • 0ed1fe018a86af14a7d7134b41bf706ce820f96cdf
  • 1tMwbIK2/JivL0YuU0yY2nPBuqGEGU6CG6ai0n9RCCwTiEAQUMY8g8RHbuKPAac+L5LH/Rw6kHscY3wSDM6Y1A==
Cloud / SaaS Services Detected
HubSpot Microsoft 365 Salesforce Zendesk SendGrid Mimecast

Leak Screenshot:

Leak Screenshot