Billaud Segeba

Group: qilin

Discovered by ransomware.live: 2024-12-02

Estimated attack date: 2024-12-02

Country: FR

Description:

Company has 48 hours to contact us or we will post all data.


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 1

Compromised Users: 6925

Third Party Employee Credentials: 4


External Attack Surface: 101



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abusecomplaints markmonitor.com
  • whoisrequest markmonitor.com
MX Records
  • us-smtp-inbound-1.mimecast.com.
  • us-smtp-inbound-2.mimecast.com.
  • mxa-0042bc01.gslb.pphosted.com.
  • mxb-0042bc01.gslb.pphosted.com.
TXT Records
  • v=spf1 include:us._netblocks.mimecast.com include:_u.zoominfo.com._spf.smart.ondmarc.com -all
Cloud / SaaS Services Detected
  • Atlassian
  • Box
  • Microsoft 365
  • Segment
  • Cisco
  • Mimecast
  • DocuSign
