Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo dahlvalve.com

Group: cactus

Discovered by ransomware.live: 2024-08-01

Estimated attack date: 2024-07-10

Country: CA

Description:

Download link #1:  https://***************.onion/DAHLVALVE/PROOF/Mirror: https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/DAHLVALVE/PROOF/DATA DESCRIPTIONS: Personal identifiable information, corporate confidential data, agreements, contracts, engineering data\drawings\projects, employees and executives personal files, financial documents\statements, corporate correspondence, database backups etc.


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabuse tucows.com
MX Records
  • edge04.simnet.ca.
TXT Records
  • apple-domain-verification=3tkWrPsO39VgkNna
  • v=spf1 a mx ip4:64.40.241.242 ip4:64.40.241.243 ip4:184.149.223.67 ip4:68.179.123.69 ip4:78.46.220.77 ip4:195.201.95.200 include:edge04.simnet.ca include:45497098.spf07.hubspotemail.net include:spf.protection.outlook.com -all
  • OCafp2+QkJMgH4EUldNMKMc6ajvtstlK2a1wdkNRgriPylWJk2AkLG7oADkpbkSym95mAyb2OgcI6zLrpxyTug==
  • MS=ms10315633
  • MS=7CE60D36F7B1BB7D6E68DF7F965A1438B636D257
  • duo_sso_verification=9JWEe5k2O2eWxyJ3RAIHEh1oJ8zO503ta0E55nfcWiEISzzhDPPgxDfKdly4mlz6
Cloud / SaaS Services Detected
Apple HubSpot Microsoft 365 Cisco Duo

Leak Screenshot:

Leak Screenshot