marvell.com

Group: lockbit3

Discovered by ransomware.live: 2024-06-23

Estimated attack date: 2024-06-22

Country: SG

Description:

500+gb https://mega.nz/folder/4qdwVIKR#uMVVp4g0U7VjBAo7UCNT5w The company www.alliedtelesis.com had offices in America (3 offices), Europe, Asia, China, Singapore and so on. We hacked into their network and took data from this company www.at-globa...


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 27

Compromised Users: 100

Third Party Employee Credentials: 110


External Attack Surface: 10



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse comlaude.com
  • marvell.com-Registrant anonymised.email
  • marvell.com-Admin anonymised.email
  • marvell.com-Tech anonymised.email
MX Records
  • mxa-0016f401.gslb.pphosted.com.
  • mxb-0016f401.gslb.pphosted.com.
Cloud / SaaS Services Detected
  • Adobe
  • Apple
  • Atlassian
  • Amazon SES/WorkMail
  • Mailchimp
  • Microsoft 365
  • Salesforce
  • Slack
  • Miro
  • Teamviewer
  • JamF
  • Cisco
  • Proofpoint
