NTT Data/Vectorform

Group: Coinbasecartel

Discovered by ransomware.live: 2025-09-15

Estimated attack date: 2025-09-15

Country: US

Description:

NTT Data is a global IT services provider based in Japan, delivering innovative solutions across a variety of industries including finance, healthc...


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 1000

Compromised Users: 674

Third Party Employee Credentials: 1295


External Attack Surface: 138



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • support psi-japan.co.jp
MX Records
  • mxa-004dc302.gslb.pphosted.com.
  • mxb-004dc302.gslb.pphosted.com.
TXT Records
  • v=spf1 include:servers.mcsv.net include:spf.protection.outlook.com include:spf.jobdiva.com include:aspmx.pardot.com ip4:205.220.162.213 ip4:206.180.193.143 ip4:206.180.193.144 ip4:206.180.193.145 ip4:98.142.93.195 ip4:192.131.85.3 ip4:141.77.1.126 ip4:141.77.1.127 ip4:141.77.1.128 ip4:89.96.244.55 ip4:59.167.68.40 ip4:189.125.136.227 ip4:217.56.29.13 ip4:206.180.193.80 ip4:206.180.193.81 ip4:206.180.193.82 ip4:167.247.216.0/22 include:_spf.qualtrics.com ip4:163.135.193.192/26 ip4:103.51.48.30 ip4:185.132.183.33 ip4:185.183.30.93 ip4:185.132.183.31 ip4:185.183.30.89 ip4:3.113.157.113 ip4:107.20.210.250 ip4:52.1.14.157 include:amazonses.com ip4:130.214.193.83 ip4:130.214.193.93 ip4:130.214.193.78 ip4:130.214.193.85 ~all
Cloud / SaaS Services Detected
  • Adobe
  • Apple
  • Amazon SES/WorkMail
  • Microsoft 365
  • Salesforce
  • Miro
  • Cisco Webex
