
Group: lockbit3

Discovered by ransomware.live: 2024-04-18

Estimated attack date: 2024-04-18

Country: US

Description:

1st batch of data: https://mega.nz/folder/lyUHGAoC#g1Qwh-OSXI4hRJq4l0J-Sw A bad negotiator disappeared at the end of the deal, so we are starting to release a huge amount of sensitive data. Starting with 1 GB sample data and many extracted MSSQL...


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 67

Compromised Users: 778

Third Party Employee Credentials: 60

External Attack Surface: 143

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • soc dc.gov
MX Records
  • dc-gov.mail.protection.outlook.com.
Cloud / SaaS Services Detected
Adobe Apple Atlassian Salesforce Zendesk Miro Oracle Cloud Cisco Cisco Duo DocuSign

Leak Screenshot: