tcw.com

Group: Lockbit3

Discovered by ransomware.live: 2023-11-29

Estimated attack date: 2023-11-29

Description:

TCW is a leading global asset management firm with five decades of investment experience and a broad range of products across fixed income, equities, emerging markets, and alternative investments. TCW’s clients include many of the world’s largest cor...



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • us-smtp-inbound-1.mimecast.com.
  • us-smtp-inbound-2.mimecast.com.
Cloud / SaaS Services Detected
  • Adobe
  • Apple
  • Atlassian
  • HubSpot
  • Salesforce
  • Box
  • JamF
  • Cisco Duo
  • Mimecast
  • DocuSign
