Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Logo

AUTOCAM MEDICAL

autocam-medical.com
Group Blackbasta
Discovered 2023-04-28
Est. attack date 2023-04-28
Country BR

Description:

Autocam Medical is a privately held contract manufacturer of precision-machined surgical drill bits, drivers, screws, plates, cutting tools and other complex, highly engineered surgical implants, instruments, and handpieces, as well as other device components. Our clients are involved with instruments and devices used in the following anatomical areas: spine, foot and ankle, hand and wrist, hip and knee, shoulder and elbow, and craniomaxillofacial procedures.We offer a value-added approach to high-precision manufacturing, with specialties in CNC milling, turning and cutter grinding. State-of-the-art equipment and design for manufacturing engineering add value to the entire manufacturing process. ISO13485, FDA Registered, VISA (Brazil).SITE: www.autocam-medical.com Address 3607 Broadmoor Avenue SEKentwood, MI 49512, U.S.
Infostealer activity detected by HudsonRock

Compromised Employees: 1

Compromised Users: 0

Third Party Employee Credentials: 1

External Attack Surface: 1

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations@web.com
MX Records
  • autocammedical-com01i.mail.protection.outlook.com.
TXT Records
  • duo_sso_verification=neAa2blbJsFao0Fp69IbHdLjSgR5uPQUTNjmh2N1EwNVOWHCTRYGQA3DMNZp3TpJ
  • docusign=20c07c5f-a07c-4580-b609-61ee06223a17
  • 22139eb1c493a6ea729c58682ea293f4
  • twilio-domain-verification=810a38c70fb333c833292e626100399c
  • r8bS7AJsiLN6Drpx7B/39CAZNShOBU/jcVLzfM5LO66EMgwJdvtygDn4Skj6AxcMmyqIWW48Pg27IY9fJU0aww==
  • UuY7V1CkynTn02WJvxUZF7JtoKAT5xNL8nipbQ9lAWer1WcAEbwCcjpQeCEgccHhJrizIy6bwa+eAwS8f0Pymg==
  • MS=ms27188584
  • google-site-verification=XDDvEZr8XWQDxf5M42Em0dBXVfdNhF9GxYu-FomzvQo
  • sr5q1f86i38mc1bkgpv76iebkm
  • google-site-verification=Q1nglciRSE9OMXhPt4E1qtkxQwxyr1Wi4tXnZoLG4fo
  • apple-domain-verification=vKckVcp3pEWKNgx0
  • rd7rdi5kpvrongs8mj5r21938v
  • h7j2dautmvpc33mvirjc5p778v
  • v=spf1 ip4:64.132.201.93/32 ip4:74.203.211.13/32 ip4:207.67.44.189/32 ip4:3.145.232.16/28 ip4:205.201.136.122 include:spf.mandrillapp.com include:fdspfus2.freshemail.io include:22408839.spf07.hubspotemail.net include:" "spfa.cpmails.com include:1y6pdoc0l.spf.checkpoint-spf.com include:spf.protection.outlook.com -all
  • Foxit-domain-verification=6778b407b37ad6e5840878b7f00e6139
Cloud / SaaS Services Detected
Apple HubSpot Microsoft 365 Mandrill Twilio Cisco Duo DocuSign

Leak Screenshot:

Leak Screenshot

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.