Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo schuettemetals.com

Group: cactus

Discovered by ransomware.live: 2024-05-20

Estimated attack date: 2024-05-20

Country: US

Description:

Download link #1:  https://***************.onion/SMI/PROOF/Mirror: https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/SMI/PROOF/DATA DESCRIPTIONS: Financial documents, supplier agreements, contracts, NDAs, Personal identifying information, Engineering data, employee personal files, database exports, etc. 


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse name.com
  • abuse newfrontier.domains
MX Records
  • mx1-us2.ppe-hosted.com.
  • mx2-us2.ppe-hosted.com.
TXT Records
  • eernd1sdcmitjf45tp88esamlr
  • v=spf1 a:dispatch-us.ppe-hosted.com mx ip4:216.55.104.107 include:amazonses.com ~all
  • MS=ms20156493
  • cisco-ci-domain-verification=482b3c2b24dba53849a67fb63c2564d6e391534835a01ff682b170d898aa83dc
  • lq3teuql1ff049n2ls9kdrqfbs
  • ppe-d3d9c47709942aace72e
  • MS=ms46318556
Cloud / SaaS Services Detected
Amazon SES/WorkMail Microsoft 365 Cisco Proofpoint Essentials

Leak Screenshot:

Leak Screenshot