
wolterskluwer.com

Group: dispossessor

Discovered by ransomware.live: 2024-04-19

Estimated attack date: 2021-01-08

Description:

wolterskluwer.com


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 19

Compromised Users: 414

Third Party Employee Credentials: 172


External Attack Surface: 113



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse gcd.com
MX Records
  • wolterskluwer.mail.protection.outlook.com.
Cloud / SaaS Services Detected
  • Adobe
  • Apple
  • Atlassian
  • Amazon SES/WorkMail
  • HubSpot
  • Microsoft 365
  • Salesforce
  • Miro
  • TeamViewer
  • OneTrust
