📖 Overview
The threat actor claims to be selling a wide range of personally identifiable documents, including ID cards, driver’s licenses, passports accompanied by selfies, scans, utility bills, financial statements, medical reports, and PSD templates. The data allegedly covers individuals from all European countries, the United States, Canada, and parts of Asia.
📌 Key Details
- Industry: Unknown
- Threat Actor: Reclottoo
- Network: openweb
- Category: Data Leak
- Severity: Low
🔗 Claim Post (Plain Text)
Claim Post: Available on the Threat Feed for subscribers.
📸 Screenshot Preview
🛡️ WhiteIntel.io Access Infostealers Check
This section is available exclusively for paid subscribers in the Ransomware/Threat Feed posts.
🧩 TTPs (MITRE ATT&CK Mapping)
- TA0009 – Collection: Gathering sensitive PII for fraudulent use
- TA0010 – Exfiltration: Distribution of stolen identities via underground markets
- TA0040 – Impact: Facilitation of fraud, identity theft, and social engineering
👤 Threat Actor Profile: Reclottoo
Summary
- Total Matches: 1
- First Seen: 2025-08-19
- Last Seen: 2025-08-19
- Data Start: 2024-10-02
- Countries: –
- Industries: –
📊 Threat Actor Activity
| Date | Country | Sector / Industry | Type | Target / Site | Network |
|---|---|---|---|---|---|
| 2025-08-19 | Unknown | – | Data Leak | Sale of personal identifiable documents | openweb |
![IOC Alert: Lumma Stealer C2 Domain Identified – larpfxs[.]top](/content/images/size/w1304/format/webp/2025/08/23985762398576198764252-1.jpg)
