westfalia-automotive.com
westfalia-automotive.com
Group: cactus
Discovered by ransomware.live: 2024-06-24
Estimated attack date: 2024-06-24
Description:
Download link #1: https://***************.onion/MONOFLEX/PROOF/Mirror: https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/MONOFLEX/PROOF/DATA DESCRIPTIONS: Personal identifiable information, engineering data\drawings, employees and executives personal files, financial data, customer information, database exports, corporate correspondence, etc.
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 0
Compromised Users: 7
Third Party Employee Credentials: 0
External Attack Surface: 1
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- abuse united-domains.de
- whois united-domains.de
MX Records
- westfaliaautomotive-com02c.mail.protection.outlook.com.
TXT Records
- oajvohgp94ienundldpeqbr4a0
- v=spf1 a:schwerin.westfalia.local ip4:151.189.99.119 include:_spf.google.com ~all
- v=spf1 a:schwerin.westfalia.local ip4:151.189.99.119 include:_spf.horizonglobal.com ~all
- v=spf1 include:spf.protection.outlook.com -all
- v=spf1 mx a a:smtp.twt.net include:inxserver.com -all
- MS=ms55580721
- Qwor8VoHm0I2tviUbr6nAhLP2tUgCYok9LpVCkHSfoc6W2SNPR6PmvTXbyaxMxsaRujh81MT+pLyWAczkjufpw==
Cloud / SaaS Services Detected
Microsoft 365
Leak Screenshot:
