sully#####
sully#####
Group: clop
Discovered by ransomware.live: 2024-12-24
Estimated attack date: 2024-12-24
Country:
Description:
Presumed victim name: Sullivan & Cromwell - Cl0p announcement. We have data of many companies who use cleo. Our teams are reaching and calling your company and provide your special secret chat.
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- abusecomplaints markmonitor.com
- whoisrequest markmonitor.com
MX Records
- mxa-00206201.gslb.pphosted.com.
- mxb-00206201.gslb.pphosted.com.
TXT Records
- _F899A9B8C2C02A0BCD519E9776215BE6.sullcrom.com
- ZA=2IAEx8rXiZZUGrCu9UCItQ==
- MS=DB6CED9EAC303484BB4C24368833E3FE8027E7F0
- google-site-verification=sm6N4s-7Je-sox-PrRwK3wBlaP7zOVqtCPQfb9BVOr0
- adobe-idp-site-verification=816c348a63bff6cd9b39f9473144eb01a5b0e7597303f1125014417d60a92e9a
- v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChACgu8O2ounZcabypuyH1EZRrIm4d5P3RfGMqfvzZMTYv95m3FWOBhC48604va1uhbKI7m09ZZ0gCoMROEeT2kn5P8YSC8/7nn8sQigfGiuzmZ2bDoM+cbfcB7psWUv1Y7Ehb8dCu/pTmfSGK3skY7HxyZsTfQF2Na/7q7T+kwwIDAQAB
- XgSzm78v6iV1gyBgNpVfzJ6c92Rzm5oAa3IUomPx8c192NNIe1hafXIwXjJQTnAcSStgHngJRe80hmCwsZOmlA==
- v=spf1 include:spf-00206201.pphosted.com ~all
- c7jHBSaC9JLpzzoSYW2q4oaJCgSgnrQNMU1EhSzdABo
- docusign=37bf7c84-1825-457a-b669-8fbc9683460a
- _29C9C1AFBA28B1C0ADFC89302642F922.sullcrom.com
- AQF/ufaYIgP0MYYHcSAtR147T6/43i8wMIraWGZow3X386sAngzWZON8+krfqyLI5sqiTqulqrf1A4Li1zp1Lg==
- openai-domain-verification=dv-9bvFYuJhpgDrjYwKY3JfFG4u
- MS=ms65342081
- T7NNhAVxFV12WmPSo2pSgyEQeyoUvBvUbqjHN1m59jaOOE3IXXnwtHH7UcPftFTlZeATj6MMwROXZNp9qYwCUQ==
- google-site-verification=H8xZ-_Mg5aaypLSr02kKHSR9y9Z8HOysHVzB144cnww
- _2D82F3262D612912945CCB88A61C5D02.sullcrom.com
- apple-domain-verification=ePK4AIwB0pdIB1Fp
Cloud / SaaS Services Detected
Adobe
Apple
Microsoft 365
DocuSign
Proofpoint
Leak Screenshot:
