Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo riomarineinc.com

Group: cactus

Discovered by ransomware.live: 2024-09-06

Estimated attack date: 2024-08-07

Country: US

Description:

Download link #1:  https://***************.onion/RIOMARINEINC/PROOF/Mirror: https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/RIOMARINEINC/PROOF/DATA DESCRIPTIONS: Personal Identifiable Information, employees\executives personal data, engineering data\drawings\projects, customer information, financial documents, contracts, corporate correspondence, database backups etc.


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • mx2-us1.ppe-hosted.com.
  • mx1-us1.ppe-hosted.com.
TXT Records
  • 98W-CLA-PA6
  • MS=ms70989677
  • hubspot-sJy2mq2Vf6QtlXH0dJd4
  • lk2uhjspiuedqivm9vqfgj7nk6
  • m5hqhf8m0v7ldbcep10do86qir
  • v=spf1 a:dispatch-us.ppe-hosted.com ip4:192.94.251.57 ip4:207.91.146.7 ip4:207.91.146.8 ip4:207.91.139.76 ip4:40.119.46.45 include:spf.protection.outlook.com include:spf.mandrillapp.com -all
  • 63ngkit608atst021orj1htvks
Cloud / SaaS Services Detected
Microsoft 365 Mandrill Proofpoint Essentials

Leak Screenshot:

Leak Screenshot