Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

EMSBILLING.COM

EMSBILLING.COM

Group Clop
Discovered 2023-07-26 20:43 UTC
Est. attack date 2023-07-26

Description:

Just a moment...

Infostealer activity detected by HudsonRock

Compromised Employees: 4

Compromised Users: 39

Third Party Employee Credentials: 1


External Attack Surface: 29


Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • 3aab5506da0c4641ce5bba45ec7aeaf6f3d51d69929fdd2c7c1ef64088a6edfeemsbilling.com.whoisproxy.org
  • 3aab5506da0c4641ce5bba45ec7aeaf6259d05463e4f810997252dfc337d0d28emsbilling.com.whoisproxy.org
  • 3aab5506da0c4641ce5bba45ec7aeaf65feff656bc7d68eb349a7155530bf902emsbilling.com.whoisproxy.org
  • 3aab5506da0c4641ce5bba45ec7aeaf6ed1c3c5c798a75c7769dc96d246598abemsbilling.com.whoisproxy.org
  • trustandsafetysupport.aws.com
MX Records
  • us-smtp-inbound-1.mimecast.com. Mimecast
  • us-smtp-inbound-2.mimecast.com. Mimecast
TXT Records
  • atlassian-domain-verification=YyGmAk9A2LAA7phBHyqyB49OVDagH+jh6SxH5Rk0scPG86bcjJzer2jM28+UwWXF
  • google-site-verification=HqPEzyH-T-VLiey_qbNaz7q9sikjn-M9aXnbrbRtAoE
  • google-site-verification=TTZVYdM5anJEuIhYu-b4J3zJ4AKVlumAa0_L21fsf1I
  • intacct-esk=F6F6B1D04224A563E0533606690A124C
  • smartsheet-site-validation=AqTqy4hFpvM_c853w4KVNIIRarD0H377
  • v=spf1 include:spf.protection.outlook.com include:us._netblocks.mimecast.com include:_spf.atlassian.net include:spf.myconnectwise.net include:spf.constantcontact.com include:_spf.salesforce.com include:_spf.intacct.com -all
  • v=verifydomain MS=6706628
  • ZOOM_verify_ITJw6KjlTQGyk7YwaDtCWw
  • _0u8gn5czjfxxp2d2vo9qb6hprpyg8o7
  • atlassian-domain-verification=RMNjzMw7RkhtixTqcIBanyfcJZcnWd5E/lFGRm3pIt5hz6PLfqwyElm3wI9CsiB3
Cloud / SaaS Services Detected
Atlassian Microsoft 365 Salesforce Sage Mimecast Zoom

Leak Screenshot:

Leak Screenshot