Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo plymouth.com

Group: cactus

Discovered by ransomware.live: 2024-03-11

Estimated attack date: 2024-01-26

Country: US

Description:

Download link #1: https://***************.onion/PLYMOUTH/PROOFMirror: https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/PLYMOUTH/PROOFDATA DESCRIPTIONS: Accounting\treasury\taxes 250GB+, HR - payrolls\personal documents\dossiers 150GB+, Customer data - projects\contracts\drawings 90GB+, Engineering\R&D\QA 120GB+, Legal documents 3GB+, corporate correspondence 20GB+, employees' personal folders... Hundreds of Personal Identifying information documents, executive managers personal and corporate documents, engineering database backups, etc.PRICE: $1.5MFILE TREE PRICE: $15K 

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 0

Compromised Users: 1

Third Party Employee Credentials: 0

External Attack Surface: 1


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • us-smtp-inbound-1.mimecast.com.
  • us-smtp-inbound-2.mimecast.com.
TXT Records
  • MS=ms53024603
  • 343ri30u97o475u029squfbn3f
  • docusign=3cdaa33c-b363-42a1-a5f1-eed24739d9c8
  • v=spf1 include:_netblocks.mimecast.com include:_spf.odoo.com a:zimbra.d9t.de -all
Cloud / SaaS Services Detected
Microsoft 365 Mimecast DocuSign

Leak Screenshot:

Leak Screenshot