derrama.org.pe

Group: lockbit3

Discovered by ransomware.live: 2024-01-31

Estimated attack date: 2024-01-25

Country: PE

Description:

Request it here, teacher: access all the services we have for you. Derrama Magisterial is a private social security institution belonging to the teachers who work in the State's educational institutions.


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 21

Compromised Users: 992

Third Party Employee Credentials: 12


External Attack Surface: 31



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • No emails found.
MX Records
  • cust79867-1.in.mailcontrol.com.
  • cust79867-2.in.mailcontrol.com.
TXT Records
  • google-site-verification=Updo7EooPqaGSTFcR1uBCiuhrvDssYCm9wdhoD21ylk
  • v=spf1 include:intico.ip-zone.com mx a ip4:181.224.240.11 ip4:181.224.239.51 ip4:209.45.80.130 a:smtp.derrama.org.pe a:mx.derrama.org.pe include:mailcontrol.com include:spf.protection.outlook.com include:_spf.embluemail.com include:s1.acemsrvf.com ~all
  • MS=4DC0D5B5B0F102D7A5B57BC9FF14E347F2166BFA
  • MS=ms30442550
  • ZOOM_verify_W4szsp1oRu2hm51kAhavLg
  • amazonses:K9TlSLvjMmBNYtXR/aTkkthRDqP8pn0fUkfgo5Z6tmI=
  • brevo-code:34899efa1483473f99fa35483753d752
  • cisco-ci-domain-verification=2defdf7c11d4f8211b284b3758d420887d4afabb122d34ce8d375250e5bfedcd
Cloud / SaaS Services Detected
  • Amazon SES/WorkMail
  • Microsoft 365
  • Cisco
  • Zoom
