Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo deloitte.com

Group: dispossessor

Discovered by ransomware.live: 2024-04-19

Estimated attack date: 2021-09-06

Country: FR

Description:

deloitte.com

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 615

Compromised Users: 10808

Third Party Employee Credentials: 1134

External Attack Surface: 200


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • mx2.deloitte.iphmx.com.
  • mx1.deloitte.iphmx.com.
  • mx1.hc5291-32.iphmx.com.
  • mx2.hc5291-32.iphmx.com.
TXT Records
  • wework-site-verification=vp4qMcALtPDFdcgh
  • onetrust-domain-verification=a0cb4cb0176842ddb6cc0d1e6b30cfaa
  • docusign=cfe8eeb7-e212-463b-84dc-3b26ba007ffc
  • atlassian-domain-verification=dLIlQmiccBluXbPKKS2tmGyncaHbmIFz3KnvSIXX3Vgc6yYh1NSL1KXS9FKHCctk
  • ms-domain-verification=6b3fc0d4-bae5-4ef4-94ff-773ba8da41c1
  • i2v4398p4mr7isidk5m2m07qv5
  • miro-verification=069d9fcb497e6de74804baa2b411ec4d2f0d93c4
  • eWYEBL0vTNp90Fi7pEMtOzvgtis
  • f41rg020epvqa1udg6dk8vnldr
  • ms-domain-verification=6b66dfb5-4ce6-4be1-a830-f4ac8d1310de
  • _pki-validation.deloitte.com BE30-D20A-41FB-EF15-8E2D-C571-5EED-018D
  • fb4b35da-5e65-483d-a65e-078e9fc651cb
  • smartsheet-site-validation=WVjFZI0fz9DwyOTI4nm_43gYK5n-OeGs
  • smartsheet-site-validation=58PJ_xrezU3GAu4S8NQ5hVaYFutUbPoe
  • pendo-domain-verification=Q8LbOJ9sw-d4mT7aJ_tNZgvqJ3k
  • ms-domain-verification=3eaa728c-6e69-4592-8e47-5ad00a7621d1
  • atlassian-domain-verification=L66arn4qBGevIGd4OOXp0hTjhjoR56WGrIN8oXNxQQ73Y/5xz0l1avPuoO0HWFgz
  • pardot915781=d16eadcd15c9f6d9157298f7c66d2856aed39c09fc767a94f221e6ee8e182537
  • smartsheet-site-validation=DLwgvodywck_t1KodlipGbx5y71KqKMK
  • 900D-006E-9F22-BC89-5750-7541-F89B-898E
  • atlassian-domain-verification=aWBXK4CToKSDQKox0FfH5L7WV1QWYA21gaNDI3Fh7X4cPbRK77SNPMh4lKYFBqYs
  • smartsheet-site-validation=iyjIJfzahNE6kuOHOR91Or7kIc6abmHr
  • facebook-domain-verification=ajccfsv4yv7doxqrsss18sc2a5xo2f
  • rnCcnGUhJtnj7Dq1gWGxZoz0YXHOPauyX91hX5wihVjIHvsjyYkNYk7yZYoIU8mJsDkoZz0T2Lwn5qxJdTauIw==
  • vmware-cloud-verification-928910b5-2214-48fc-b9b5-8ec60b3c769e
  • adobe-idp-site-verification=002048dc-2aea-458b-bb29-791643c0f141
  • MS=ms56848644
  • apple-domain-verification=UcKAb76mMaql2vzH
  • apple-domain-verification=napZz00kIG32Dy04
  • cisco-ci-domain-verification=6667927c28e9635a2787b791f46ffadbf1fb3801ac39a3350af5ca03c21a8e7a
  • wrike-verification=Mzc0MDg3MDo1ZjNiMDkyNmRjMTEyMzI5NDMzNGNkMjU1ZGI1OGIzMTQzZWVlMjVlNGU0OGU2YTMxN2ViZGYzNTU0NzNkZTc3
  • google-site-verification=VqNZVwcHvGeE-00TrFz_tWEDenz_VWX7QFT7w2V7Zds
  • _2otnbk4jjjscmd3zfxms84dekhtsayr
  • jamf-site-verification=bYr74rSiPjWRuKxgOF-4aw
  • 6scd3246wfq8n1bdk16qkm8j7bd0rlzg
  • apple-domain-verification=ief0G6Jz6BJWeXOs
  • gobe-site-verification=k7bubwzMAtYv81jvt@f.VS5LV4Z44f
  • 0d9fe004-c548-4223-8c67-8903fbba1813
  • notion-domain-verification=XE9QsKNeN7aCCXSeX4Ymm5eHOwhuzIZDaMtuyJW7r7E
  • amazonses:j6yo6t64fzWubtgQlyZoS8FVzI2viowM7qHOyiFliJE=
  • mongodb-site-verification=x3Jx2OgGjX0NWH7y29KOsPXBzq2xOyb8
  • Dynatrace-site-verification=1327f658-4179-4c86-b459-aac7a6074990__lqmfr7i83e92uu40ugebd03u18
  • dgmns2vzpnlnphj0pntm0n7yvl1sp6ny
  • facebook-domain-verification=lj27ke4el7sd5soeflzcq7fvthqp4z
  • amazonses:PJ0KY/BF3ifqpmkDq2YtkyR5ikzN2rIZbJaIZOR4uYg=
  • google-site-verification=WwTh62UFLuVO4NB3C-foXAWDqICm8eGSkJz6I0uRnOI
  • atlassian-domain-verification=qV2z9qonymDWt1ae/+D6nob8qkRlgxKNpMrtNpuA06nh4C9EFEhyhmSXIs/Xr/MX
  • amazonses:KqplkkmBX8hwCIu00k7M5swKxVRDb+9J2UGKA4PRq3A=
  • taFQDZYQ4B9aWHNqaQcvoaUKicrnPXZHa73/1SFbNBWwlh/yJqcnwFi9QUaDbaCvpYXcZ1qoWBs9wIO/se+KVA==
  • _mmgohapk735rgqlnigl1da8rcvllf4u
  • meltwater_sso_20200304_t3-2419
  • ZFtKkwOG/SXsZZTZtr/b4zrQAaVwCNBlyWFKLqpFre8=
  • vkvBmbPA+CEZ5pWKq8YTllvoSelYHocVAc1F1MxhvwHpvSeL06QW/KBfA7APLHIaOn4atyCbLwK/pW5NoYRUbQ==
  • apple-domain-verification=rmhHVHjzVLtO96zj
  • onetrust-domain-verification=e45edee6d55f4a6793d107a58b327ab2
  • docker-verification=f9d9773a-6b64-4259-897d-3bcad558ef18
  • 5143609f-7781-41ba-8ba2-bbd534e1f2f4
  • zsd2n3g4rl31pfxlw81702hk0pbllzl2
  • zoho-verification=zb55022907.zmverify.zoho.in
  • v=spf1 exists:%{i}.spf.deloitte.iphmx.com ip4:216.71.141.160 ip4:216.71.142.133 ip4:68.232.135.213 ip4:68.232.130.230 ip4:104.146.16.192/27 ip4:104.146.17.128/27 a:mx1.deloitteie.c3s2.iphmx.com a:mx1.deloittetw.iphmx.com exists:%{i}.spf.hc169-40.ca.iphmx." "com ~all
  • successfactors-site-verification=OGEzOWMxYjBkYmVkYjI0NmE2MmZkY2VlYzAyZjQxYTE1OTdmMGVhMmNhMTA4NzIyNmZlZjZiNDFhOTIzMDlhNw==
  • atlassian-domain-verification=EfLYC2tpmPaKRp3lz27Y2iYwmCwP4keVaK5lh6G3awKbYxa8FS8LSVdhHOa81a0Y
  • docusign=a75b33c9-7b03-45ee-b6a1-3a99a0f47350
  • google-site-verification=P1E8DzV0j2B3zOrdR4CKgKAsx8W7Pii9K7Kko_7odV0
  • figma-domain-verification=d532e1c25356008253917e65570709b0c2fe444363b20c0f96f5557debbbf11c-1741783423
  • ms-domain-verification=a7f62058-ae74-4d62-925b-8cd2c823e6c8
  • facebook-domain-verification=kfow0fjjnp6vg2596iwns517h7idna
  • kvv9vh7skvjjnomntfc4kdtv0g
  • 23kj3245lkjrhgj93546jlkn409u43
  • ms-domain-verification=fbdbfbb1-79d6-4dd6-a94c-7e27aeede2b4
  • amazonses:HNqPQ9Fn0hXRINP17zT1M6Eu9x6jZHlTJ4ZghRxwSRU=
  • workplace-domain-verification=51e42aa1-5d13-4625-ba00-75633c560b52
  • smartsheet-site-validation=b9sHeo5bFEMRugNbaGkpJWob18BbOuUu
  • atlassian-domain-verification=cbRyDSpfZZfDXfcRLY974B1uZcMwhfR1HLD3ZpquWdYWqQgPLtewfAyVpva14Cqy
  • gfOX5sGfwlwlEa5QH08PgYUk76w74cYQ/KsfLDK75v8Ca8FXi1JU1mAUwemvoGiax7zM/j789qAhEFUkkFAMDQ==
  • amazonses:3gDBjS5XtzhWTFkZH1/PION25LVUJE2w3P9msyC8obQ=
  • \226\128\156atlassian-domain-verification=TERygaFH40lyOd2hmJGtCA2w1aJwx6y7tFKDkgG/KbegUOj0NrRxiWP9wM6y3e4H\226\128\157
  • Dynatrace-site-verification=c807c4b8-5f81-4e5b-a562-e2179a6e98be__png1csh1sk74vtdrh30vi3td48
  • _globalsign-domain-verification=mf6QIdU8csnwnQyJgIubqoQgPxSOC1oH-BhiV-RjBg
  • atlassian-domain-verification=0w/TMAc83LcJu5YTSFzxnj6MW69Gio5eeSCReTAR27x74fY6RbN1/tPaeVYRd4EK
  • SFMC-hTyRrbEjHJ1btDpowzJgQGKGonybh8xpCK71yKGN
  • ms-domain-verification=85f5d93c-1c3a-424a-9fc0-7b2f92656b02
  • atlassian-domain-verification=AZk4U7rbpRjt1c7hmKkq5KxchbKTIjRpEfeCCQaFPZBsiyXacfWHT/c60TrstfjH
  • \226\128\156globalsign-domain-verification=xvsKIQGhtZ6jwzGdOjBUQX-wVgxGb7zufzOZ9OOu2v\226\128\157
  • atlassian-domain-verification=Avdx4aNpjAqVK0CXBdk3LjsX8IedcDaO3S6NLfa87po/WVqWlJbdWu2I3OFip/MM
  • nintex.620f098cf8ca120069984ddc
  • 39371e02-bed7-420a-9971-6e831d6f9aca
Cloud / SaaS Services Detected
Adobe Apple Atlassian Amazon SES/WorkMail Microsoft 365 Salesforce Miro JamF Zoho Campaigns Cisco OneTrust DocuSign

Leak Screenshot:

Leak Screenshot