
pwc.com

Group: dispossessor

Discovered by ransomware.live: 2024-08-08

Estimated attack date: 2024-04-27

Country: US

Description:

pwc.com


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 54

Compromised Users: 4

Third Party Employee Credentials: 685


External Attack Surface: 123



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabuse cscglobal.com
MX Records
  • mx07-00096706.pphosted.com.
  • mx08-00096706.pphosted.com.
TXT Records
  • v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com include:_s0.pwc.com include:_spf.google.com include:_tmp.pwc.com -all
Cloud / SaaS Services Detected
  • Adobe
  • Apple
  • Atlassian
  • Amazon SES/WorkMail
  • Microsoft 365
  • Zoho Campaigns
  • Cisco
  • OneTrust
  • DocuSign
  • Proofpoint
