demos.fr
demos.fr
Group: cactus
Discovered by ransomware.live: 2024-07-30
Estimated attack date: 2024-06-28
Country:
Description:
Download link #1: https://***************.onion/DEMOSGROUP/PROOF/Mirror: https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/DEMOSGROUP/PROOF/DATA DESCRIPTIONS: Personal identifiable information, corporate confidential data, NDA, contracts, employees and executives personal files, financial documents\statements, customer information, corporate correspondence, etc.
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 0
Compromised Users: 18
Third Party Employee Credentials: 0
External Attack Surface: 5
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- tldsupport cscglobal.com
- indom indom.com
- gestiondomaine demos.fr
MX Records
- demos-fr.mail.protection.outlook.com.
TXT Records
- v=spf1 a:smtp.demosgroup.com a:placedelaformation.com ip4:185.16.44.91 ip4:185.16.44.92 ip4:185.16.44.95 include:spf.protection.outlook.com ip4:192.254.116.44 ip4:159.183.216.233 ip4:159.183.78.194 ~all
- MS=ms68677123
- _globalsign-domain-verification=00D1CaOsz5OzkL_G0rMkLNj7q1GC1-MhPmCwhHx4IS
- globalsign-domain-verification=518c40ef265da33ea2b344b8f76e72dc
- google-site-verification=gfhOnV_DkNPHQOtDV7GfR0PHPBKf__xcI5qHrPZCDIk
Cloud / SaaS Services Detected
Microsoft 365
Leak Screenshot:
