kelson.on.ca

Group: cactus

Discovered by ransomware.live: 2024-03-22

Estimated attack date: 2024-03-12

Country: CA

Description:

Download link #1: https://***************.onion/KELSON/PROOF/

Mirror: https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/KELSON/PROOF/

DATA DESCRIPTIONS: Accounting\payroll documents, Personal Identifying information, Engineering\QA data, projects and confidential design documents, contracts, tenders, various customer data, employees and executive managers personal folders, database exports, etc.



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse rebel.com
  • JOSH.KELSON KELSON.ON.CA
  • dnsadmin remote-tech.com
MX Records
  • mail.kelson.on.ca.
TXT Records
  • v=spf1 ip4:70.38.104.241 ip4:208.124.198.123 ip4:208.124.217.219 ip4:216.9.248.0/24 ip4:209.5.235.176/28 ip4:216.95.206.0/24 -all
  • duo_sso_verification=HhcaQszGxRMXOJfi39tWVXWmu3Qo1RHz8a6zh6wodaozd934m1u2UCg4zRwWEvlF
  • MS=0B252A6919DD80ED67D32B4BB8FAE34F97F396C7
Cloud / SaaS Services Detected
  • Cisco Duo
