Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo drmarbys.com

Group: cactus

Discovered by ransomware.live: 2024-04-17

Estimated attack date: 2024-03-11

Country: US

Description:

Download link #1:  https://***************.onion/DRM/PROOF/Mirror: https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/DRM/PROOF/DATA DESCRIPTIONS: Accounting\payroll documents, Personal Identifying information, HR documents, contracts, corporate correspondence, employees and executive managers personal folders, etc. 


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • drmarbys-com.mail.protection.outlook.com.
TXT Records
  • ppe-d29b442109f77eb5fdc4
  • v=spf1 mx a:mail.drmarbys.com include:spf.protection.outlook.com ~all
  • 1password-site-verification=W6RXU2SEFRGVZCJT3M45ZVNSSQ
  • MS=ms61829351
  • uber-domain-verification=b4427f5d-a035-4811-9aea-e68cac9c5e3f
  • aIaq+QQEldhJwQIZ3shSopLeDcFr/TvS3FX80PtP7W+Ewqx+mykcwEFD8lcKl6xu1VOrkS9n4TW/B0x1FNnZAQ==
Cloud / SaaS Services Detected
Microsoft 365

Leak Screenshot:

Leak Screenshot