Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo xdconnects.com

Group: cactus

Discovered by ransomware.live: 2024-04-18

Estimated attack date: 2024-04-02

Country: NL

Description:

Download link #1:  https://***************.onion/XINDAO/PROOF/Mirror: https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/XINDAO/PROOF/DATA DESCRIPTIONS: Hundreds of Personal Identifying information (passports\driver licences etc.), database backups, financial information - statements, payrolls, various confidential information, sales\customers data, executives and employees personal data, etc. 

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 0

Compromised Users: 33

Third Party Employee Credentials: 0

External Attack Surface: 5


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabuse tucows.com
MX Records
  • cust61512-1.in.mailcontrol.com.
  • cust61512-2.in.mailcontrol.com.
TXT Records
  • MS=ms17769217
  • v=spf1 include:mailcontrol.com include:spf.eu.exclaimer.net ~all
Cloud / SaaS Services Detected
Microsoft 365

Leak Screenshot:

Leak Screenshot