Melexis
Melexis
Group: fog
Discovered by ransomware.live: 2025-03-06
Estimated attack date: 2025-03-05
Country:
Data exfiltrated: 482 GB
Description:
Extract from The 19 biggest gitlabs
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 2
Compromised Users: 46
Third Party Employee Credentials: 17
External Attack Surface: 17
Infostealer Distribution
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- legalservices eurodns.com
- techdns elex.be
MX Records
- alt2.aspmx.l.google.com.
- alt3.aspmx.l.google.com.
- alt4.aspmx.l.google.com.
- aspmx.l.google.com.
- alt1.aspmx.l.google.com.
TXT Records
- v=spf1 a ip4:216.122.144.188 ip4:194.7.162.249 ip4:217.73.9.211 ip4:217.73.9.212 ip4:217.73.9.213 ip4:217.73.9.214 ip4:217.73.9.215 ip4:217.73.9.216 ip4:217.73.9.217 ip4:52.174.156.95 ip4:35.80.141.6 ip4:44.229.121.55 ip4:18.168.51.200 ip4:18.168.140.58 i" "p4:3.123.206.219 ip4:3.68.129.51 ip4:3.105.238.148 ip4:3.106.50.25 ip4:18.180.127.81 ip4:54.64.30.13 ip4:35.181.156.191 ip4:13.36.253.151 ip4:5.236.171.222 ip4:3.37.17.159 include:_spf.google.com include:_spf.salesforce.com include:spf.flexmail.eu include" ":aspmx.pardot.com ~all
- wdby727drrldkplp53fy0q0td229m4zb
- atlassian-sending-domain-verification=33d76995-3442-4848-9ec4-7d3a1edcea05
- atlassian-domain-verification=I1HkeN8nt1H6omkfTgwDpn6rEAW7k/Gt14KjMY9vNCafTh5fj7yAJFqbQxu4mDsi
- MS=B6D35F74BC09CC3AED4EB6E95C484C3905F9149B
- google-site-verification=eLMd57MaeS7CiE6HFnwrvt1OWB7O7Mh9GrLlGgUqb3M
- miro-verification=735fbd0189f569b1990678769c75da6cd7c74b1e
- docker-verification=2acc6332-a333-47bb-a298-9ff5ce78101a
- google-site-verification=nQ1vCA3LRPqhKP7EAnJiqU1sMgEU7ADtmUuMP4nEgzU
- pardot682633=ca9968904b1c8271e17856353dec33a0c2f6e62429ca375387ebcca9eb084f69
- google-site-verification=L5hwYW56uNQ5whn4scg7-dmTqu2y8vsanlTxMkO6txM
- 3dc2078f3c7c442d9529001f39a1e8f8
- v=DKIM1;r=postmaster;g=*;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfYPY8oa90gFkp5Pm9k8aIJb8WobELgEqVDU2//voEFpzrn/NyVN72v8rCP2mLHb7ki9LcizPb475sq9NSuV6Xa/ByvIVJtoGSI67GD93C0+FeCz6sSGMBXo0bPe11SCH8VS7tHR6Ouf2Fe0+6DY81xhyGHHyU//ZxXQ7TbMShSiukSPiZ" "ou0szObckkYvoKrblmvBR3XdEobMirdehsJaYOfZpYnKq+L5ZvJ7PBRwnEZJff+4zFkRFIMapUc/RIDavXftSNHRIqot6myugSE2uKXfTFZygaZGvn+FCKqO0mT04yBlBJLhZotXzFmjaaSboGrZbVpaLicGhXWYuExQIDAQAB
- p8mpl08cykm0v24sz6yrdwf29tr0xzm5
- spf2.0/pra include:spf.flexmail.eu ?all
- google-site-verification=80-4BwtPUtVzTLV1ij-gadj8DEvdRF2-KXtFI5ZVazc
- _k4o992gu3ms8uv5kmmnw0nqlkz4gu6n
- google-site-verification=IcnxX_Sr8LvMgmgY7HA0e3vWPq83PXBcdctTCmLFMy4
- pardot682633=0d7d1fbd671a5e20346f75ef4a8e15fc9f8129c067507e1606cc6398ae5d795f
- atlassian-domain-verification=kyA7anzCl7l2PtK/VLbSo63aUpUXJZjcy8dYytSNFOtamRSWWVwQDh5nXcphkQLv
- google-site-verification=M8CMGKHGTmkqCKLmEVKehTm7hNeoyR4Z1ni0NG9tI5o
Cloud / SaaS Services Detected
Atlassian
Salesforce
Miro
Leak Screenshot:
