Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks


Group Clop
Discovered 2024-12-24 23:05 UTC
Est. attack date 2024-12-24
Country US

Description:

Presumed victim name: Encompass Health - Cl0p announcement. We have data of many companies who use cleo. Our teams are reaching and calling your company and provide your special secret chat.

Infostealer activity detected by HudsonRock

Compromised Employees: 82

Compromised Users: 260

Third Party Employee Credentials: 36


External Attack Surface: 38


Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operationsweb.com
MX Records
  • hpp3.healthsouth.com.
  • hpp2.healthsouth.com.
  • hpp4.healthsouth.com.
TXT Records
  • MS=ms68344540
  • _55trye9jhypmyb0c5ua5b4t1vwlmfoc
  • meltwater_sso_20240807_TRITON-22228
  • smartsheet-site-validation=tXqiC1HaBCWyacYTGS2AwMNlC5W49_e2
  • dtm-domain-verification=9FzXQyUjeslJEe40XSo-MfHgDu7PuCLvCnG-9hJ7j-Y
  • docusign=4b46fed0-14bf-4bc9-b1b7-1bc77b7ad833
  • cisco-ci-domain-verification=7227efaf99c359eebbcf7599225d333cea631c26fee8e192356ab982e90703d3
  • ZOOM_verify_mmX46nzwWtGBTXa6RqdsFv
  • apple-domain-verification=8tRwRvJ2rFPJOuAb
  • facebook-domain-verification=290jrboyj1fa0rhmafk8rn61rmakpp
  • google-site-verification=hQ7YZROo-LKMiwfeyNt9WnFnxtyMPqG-ge4cqAoToHo
  • sitecore-domain-verification=94438cbb00f745f2837852fb008a6c5b
  • dtm-domain-verification=-4Ntmri41hS2z_GbSTyZZ0b2WP_vIYFFR8Em-78YrjQ
  • google-site-verification=GyGIbSqkRL5pOOuKKCF4LAV_nfbXbYPBh5Z6vZpMD9A
  • v=spf1 a:healthsouth.com a:encompasshealth.com include:spf1.encompasshealth.com include:spf2.encompasshealth.com include:spf3.encompasshealth.com include:spf4.encompasshealth.com include:spf5.encompasshealth.com ~all
  • JtESH8mzgAQe4Oyzvru/FWpS8Ryhb5CTYEwbyjAWLwgjEmz3C6QTGzzLWlmoF4qMwO9QspMGKWdw9QcBw1BpWw==
  • clickup-verification=30ua4ExevVvEQnH9YdtRgNIRljoBYV71LIzZAi37orM=
  • apple-domain-verification=XpqsYEFHVhyyxXkh9bj7SLFBfp446JotJrlWA1V4j9c
  • adobe-idp-site-verification=b0141fa86f1c9440caeeea7947a98b22a5c84eb109f2fc78d683c73934acb9b0
Cloud / SaaS Services Detected
Adobe Apple Microsoft 365 Cisco DocuSign Zoom

Leak Screenshot:

Leak Screenshot