Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo water.cc

Group: lockbit3

Discovered by ransomware.live: 2024-02-09

Estimated attack date: 2024-02-09

Country: US

Description:

Living Water InternationalPursuing the physical, spiritual, and social flourishing of all people who lack safe water, sanitation, and hygiene through the global Christian community.

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 1

Compromised Users: 4

Third Party Employee Credentials: 1

External Attack Surface: 4


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse enom.com
MX Records
  • water-cc.mail.protection.outlook.com.
TXT Records
  • MS=ms66865690
  • asv=8c4feb3303996e25ed8847a0a6c230b3
  • google-site-verification=NIrdBTlzqrjj7HwYAZ0kO4S5t5QEv6ldDO97ZjGwrxE
  • k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB;
  • pardot811793=22c9f72a8e90725871330a92afe287cda09f9bea3cfa9e8607be1c27e0481827
  • v=spf1 include:servers.mcsv.net include:spf.mandrillapp.com include:amazonses.com +ip4:192.169.189.30 include:spf.protection.outlook.com include:_spf.salesforce.com include:aspmx.pardot.com ~all
  • zoho-verification=zb10526813.zmverify.zoho.com
  • EVCxnkzBJm2hWyTpeUC+2yVdggSHMR2pD3BkA9lJavJSrPCcpZJzg6X/9OXGTrOx+oYQNAZXe8PNMcrTQT9izQ==
Cloud / SaaS Services Detected
Amazon SES/WorkMail Microsoft 365 Salesforce Zoho Campaigns Mandrill

Leak Screenshot:

Leak Screenshot