etude-villa.fr
etude-villa.fr
Group: Blackbasta
Discovered by ransomware.live: 2023-11-20
Estimated attack date: 2023-11-08
Country:
Description:
Etude Villa Florek - legal servicesSITE: www.etude-villa.fr Address 18 Rue Néricault Destouches 37013 Tours FranceFULL DATA SIZE: 43gb 1. Finance 2. Accounting 3. Confidentiality 4. Customer Files 5. Users dataNETWORK: ETUDEVILLA-------------------------DOMAIN ADMINS------------------------- admin Admin de réseau adminabsi admininfra Administrateur OGMI SBSMonAcctetudevilla.local\admin @bsi37300 etudevilla.loca\administrateur @bsi37300-------------------------DC------------------------- VM-01-VILLA.etudevilla.local 192.168.36.203 Windows Server 2019 Standard-------------------------SERVERS------------------------- VM-03-VILLA.etudevilla.local 192.168.36.205 Windows Server 2019 Standard HYP-02-VILLA.etudevilla.local 192.168.36.212 Windows Server 2019 Standard VM-04-VILLA.etudevilla.local 192.168.36.206 Windows Server 2019 Standard VM-02-VILLA.etudevilla.local 192.168.36.204 Windows Server 2019 Standard HYP-03-PRET.etudevilla.local Windows Server 2019 Standard HYP-01-VILLA.etudevilla.local 192.168.36.202 Windows Server 2019 Standard VSRV-TOURS-DATA.etudevilla.local Windows Server 2016 Standard SRV-HPRV-villa.etudevilla.local Windows Server 2016 Standard VSRV-TOURS-DC.etudevilla.local Windows Server 2016 Standard VSRV-TOURS-RDS.etudevilla.local Windows Server 2016 Standard SERVTSE.etudevilla.local Windows Server 2008 R2 Standard SERVSYM.etudevilla.local Windows Server 2008 R2 Standard SERVEUR.etudevilla.local Windows Server® 2008 Standard FE
DNS Records:
The following DNS records were found for the victim's domain.
- support ovh.net
- dwjw0rdetw3nrcwdxg7e i.o-w-o.info
- mbt2kuav9bp7uhl9woco b.o-w-o.info
- tech ovh.net
- mx-mibc-fr-01.mailinblack.com.
- v=spf1 a:smtp-gw1.silae.fr ip4:5.226.2.176/28 include:spf.protection.outlook.com include:spf.mailinblack.com -all
- MS=ms65287596
- 1|www.etude-villa.fr
- h2v79qlr82tb4ngfdh4rngvq7e
Leak Screenshot:
Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.