Ransom Notes: README.[rand].txt



Good Day,

Your network has been accessed and has been placed in a restricted state.

The intrusion was performed through existing weaknesses that allowed unauthorized authentication, lateral movement, and elevated access across the environment.

During the activity, a portion of internal data was copied from your servers
This included documents and other files that were accessible under the obtained privileges.
No further modification of the data was performed (on our servers).

This notice confirms that operational control over certain resources has been established and that the extracted data is currently in our possession.

System availability and the state of the copied information will remain unchanged until communication is initiated through the designated process.

Begin the communication process (www.tor.org):
http://ui2uleaiisccbtcooyi34cy5u3plpd5wraiza6wtibolshuf7tnzziid.onion/chat/[snip]

Password For Login: [snip]



Indicators of Compromise
| Type | IOC |
| --- | --- |
| onion url | http://ui2uleaiisccbtcooyi34cy5u3plpd5wraiza6wtibolshuf7tnzziid.onion/chat/[snip] |