deskcenter.com
deskcenter.com
Group: cactus
Discovered by ransomware.live: 2024-06-23
Estimated attack date: 2024-05-29
Description:
Download link #1: https://***************.onion/DESKCENTER/PROOF/Mirror: https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/DESKCENTER/PROOF/DATA DESCRIPTIONS: Employees personal and corporate data, personal identifying documents, financial documents, customer information, database backups\exports, etc.
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 1
Compromised Users: 2
Third Party Employee Credentials: 0
External Attack Surface: 1
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- sece.leitstellenservice telekom.de
MX Records
- mx01.hornetsecurity.com.
- mx04.hornetsecurity.com.
- mx03.hornetsecurity.com.
- mx02.hornetsecurity.com.
TXT Records
- atlassian-sending-domain-verification=a5926fc4-e653-4ead-aff0-67e0406c450d
- atlassian-domain-verification=6ezBQn15U/JtNHSMABFoiaLmjY6WwaNTczduM7y/FYDVBQ6XytA2dGCWiTuhIFO4
- 1jdyb25n57lpmc3lh9n5msvlkfyckckw
- apple-domain-verification=Y9QQopfyn57DDODR
- v=spf1 ip4:87.191.27.120/29 ip4:188.40.29.224 ip6:2a01:4f8:d0a:1120::2 include:spf.protection.outlook.com include:inxserver.com include:_spf.atlassian.net include:spf.eu.signature365.net include:spf.hornetsecurity.com include:_spf.rexx-systems.com -all
Cloud / SaaS Services Detected
Apple
Atlassian
Leak Screenshot:
