Sopra Steria

Group: ryuk

Discovered by ransomware.live: 2020-10-20

Estimated attack date: 2020-10-20

Country: FR


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 435

Compromised Users: 237

Third Party Employee Credentials: 313


External Attack Surface: 162



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabuse@cscglobal.com
MX Records
  • soprasteria-com.mail.protection.outlook.com.
TXT Records
  • v=spf1 mx ip4:18.168.51.200 ip4:18.168.140.58 ip4:212.180.1.59/24 ip4:84.37.121.0/28 ip4:194.206.23.33/32 ip4:170.207.37.144/32 ip4:170.207.37.145/32 ip4:170.207.39.152/32 ip4:170.207.39.153/32 ip4:143.47.149.171 include:_spf.atoracle.com include:spf.protection.outlook.com include:_spf.prod.hydra.sophos.com -all
Cloud / SaaS Services Detected
  • Apple
  • Atlassian
  • Amazon SES/WorkMail
  • Microsoft 365
  • Salesforce
  • Miro
  • Cisco
  • Sophos
  • Zoom