Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo wings.travel

Group: Lockbit3

Discovered by ransomware.live: 2023-05-16

Estimated attack date: 2023-05-16

Description:

Wings has led the market in managing complex travel and support services worldwide, with particular expertise in developing markets and high-risk destinations.



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • No emails found.
MX Records
  • za-smtp-inbound-2.mimecast.co.za.
  • za-smtp-inbound-1.mimecast.co.za.
TXT Records
  • _globalsign-domain-verification=843ffM4-d_GNSESMFI8YDgV7eewFkxpD6mj3Y_YxvE
  • atlassian-domain-verification=ayaCrb6t4VDvkLSdt7ZKS868U4KaQLt1N/DotG225D3eeR1XBtHGwmrbIYEU5bmb
  • include:spf.mandrillapp.com
  • l6uqqpos92i8i2uqi4lj01ajp2
  • pardot1061792=6c90074d415fb83c6758ab170e09d71b0217d8bc2e5654ddf87ad4f7d4f62ccb
  • qyJtOHacKrvDXuWVnMH/X39tQpMwSGX1PwEmllTFkYBVSobIEWyoFyP761oR13pQYVkRro783zwiG20VRlkefQ==
  • sending_domain1061792=cbb8f3a2822fb0ab3517694c60d32c23cac0784f6d3a6a2d96a3a016072b8fbe
  • v=spf1 ip4:82.150.225.79 ip4:171.17.133.140 ip4:171.17.131.35 ip4:171.17.133.100 ip4:167.89.0.0/17 ip4:168.245.0.0/17 ip4:194.116.128.11 ip4:27.126.146.0/24 ip4:103.28.42.0/24 ip4:146.88.28.0/24 ip4:156.38.149.0/24 ip4:81.171.5.0/24 ip4:116.202.93.120/32 " "ip4:203.55.21.0/24 ip4:204.75.142.0/24 ip4:163.47.180.0/22 ip4:43.228.184.76 include:za._netblocks.mimecast.com include:_spf.psm.knowbe4.com include:servers.mcsv.net include:spf.sabre.com include:spf.mandrillapp.com include:spf.apptivo.com exists:%{i}._sp" "f.mta.salesforce.com ~all
  • MS=ms57715115
  • MS=ms82864603
Cloud / SaaS Services Detected
Atlassian Mailchimp Microsoft 365 Salesforce KnowBe4 Mandrill Mimecast

Leak Screenshot:

Leak Screenshot