
eastwestbank.com

Group: dispossessor

Discovered by ransomware.live: 2024-04-19

Estimated attack date: 2023-12-22

Description:

eastwestbank.com


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 2

Compromised Users: 237

Third Party Employee Credentials: 3


External Attack Surface: 55



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse@godaddy.com
MX Records
  • eastwestbank-com.mail.protection.outlook.com.
TXT Records
Cloud / SaaS Services Detected
Adobe, Apple, Atlassian, Amazon SES/WorkMail, Microsoft 365, Salesforce, Jamf, Cisco, DocuSign
