Group: Blackbasta
Discovered by ransomware.live: 2023-05-20
Estimated attack date: 2023-05-20
Country:
Description:
As an integrated technology group, the listed company Rheinmetall AG, headquartered in Düsseldorf, stands for a company that is as strong in substance as it is successful internationally, and that is active in various markets with an innovative range of products and services. Rheinmetall is a leading international systems supplier in the defence industry and at the same time a driver of forward-looking technological and industrial innovations in the civilian markets. The focus on sustainability is an integral part of Rheinmetall’s strategy. The company aims to achieve CO2 neutrality by 2035. Through our work in various fields, we at Rheinmetall take on responsibility in a dramatically changing world. With our technologies, products and systems, we create the indispensable basis for peace, freedom and sustainable development: security.
SITE: www.rheinmetall.com
Address: Rheinmetall Platz 1, 40476 Dusseldorf, Germany
Phone: +49 211 473-01
Fax: +49 211 473-4727
Infostealer activity detected by HudsonRock
Compromised Employees: 0
Compromised Users: 19
Third Party Employee Credentials: 5
External Attack Surface: 8
DNS Records:
The following DNS records were found for the victim's domain.
Cloud / SaaS Services Detected:
- Adobe
- Apple
- Atlassian
- Microsoft 365
- Mailgun
- Cisco
- Sophos
- Cisco Webex
Legal Disclaimer:
Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession,
hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data.
This platform indexes only publicly visible information posted by ransomware operators and
open web sources without accessing or obtaining the underlying stolen content.
The service is provided to support public awareness, legitimate research, and cyber-resilience.
No stolen personal or confidential data is collected or distributed via this site.