transportlaberge.com
transportlaberge.com
Group: cactus
Discovered by ransomware.live: 2024-06-10
Estimated attack date: 2024-05-22
Country:
Description:
Download link #1: https://***************.onion/TRANSLAB/PROOF/Mirror: https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/TRANSLAB/PROOF/DATA DESCRIPTIONS: Employees personal and corporate data, Personal Identifiable Information, financial documents, customer information, corporate and personal correspondence, database exports, etc.
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 0
Compromised Users: 10
Third Party Employee Credentials: 0
External Attack Surface: 0
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- abuse namecheap.com
- 91fb5d112e2844d89b2be5b19846509f.protect withheldforprivacy.com
MX Records
- d88519a.ess.barracudanetworks.com.
- d88519b.ess.barracudanetworks.com.
TXT Records
- google-site-verification=iVjCeslDGVDAQNZCLu0VU7oV8pmrmI8AASIy8vHx6bQ
- ltXy9vDayoMNTTGC2abvxSCzChF+ADCWx/Ynff0nALw674FkfYRMgc50ND/aSa0PwwsOT5uRY1e/6Jcr5JHh2g==
- v=spf1 ip4:198.50.120.197 ip4:76.65.247.84 ip4:24.37.119.123 ip4:64.235.144.0/20 ip4:209.222.80.0/21 a:mail.transportlaberge.com include:spf.ess.barracudanetworks.com include:transmail.net include:spf.protection.outlook.com include:secureserver.net -all
- MS=ms81904886
Cloud / SaaS Services Detected
Microsoft 365
Leak Screenshot:
