
MedImpact Healthcare

Group: Qilin

Discovered by ransomware.live: 2025-10-27

Estimated attack date: 2025-10-27

Country: US

Description:

N/A

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 7

Compromised Users: 164

Third Party Employee Credentials: 3

External Attack Surface: 62


Infostealer Distribution


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations@web.com
MX Records
  • ca0.mx.medimpact.com.
  • az2.mx.medimpact.com.
  • ca1.mx.medimpact.com.
  • az1.mx.medimpact.com.
TXT Records
Cloud / SaaS Services Detected
Apple Salesforce Miro Cisco Cisco Duo

Leak Screenshot: