Wfmt
Wfmt
Group: play
Discovered by ransomware.live: 2025-07-08
Estimated attack date: 2025-07-08
Country:
Description:
United States
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 0
Compromised Users: 2
Third Party Employee Credentials: 0
External Attack Surface: 3
Infostealer Distribution
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- registrar-abuse cloudflare.com
MX Records
- us-smtp-inbound-1.mimecast.com.
- us-smtp-inbound-2.mimecast.com.
TXT Records
- 65fi42s3skos1b8bp4nsjrbnog
- MS=ms52501201
- RqY/liWJPEsiSlEAcOp6/RbmmsKSMiHxASrV4ZprG/dWidQpHIVF8pupw1Q1bHbNWaBUr59Z4twDVk/i213UbA==
- _0151c061c860e60be109aabce98ec7d6.secure.wfmt.com
- atlassian-domain-verification=A3zQ84tZ6w/aIZm7dcFsdCx9Nb0M6f13p77gLkKCPtHbaABaPwp7V2ut14lwt1ag
- brave-ledger-verification=4b3e92ba7b67d29febead1b5d6d62714f56ab9f9ef8bd15eda6e2f2b0bcb5b4d
- canva-site-verification=VOnOn9dvZdpce4cSs9Lfww
- duo_sso_verification=GRWrLJfOGbwKnkt8PNHEb0Kn74dZNZW9qaOfUx26RLH6hDg0jn9dpyafFueaI6Oc
- google-site-verification=pgNLW_1ztW5OHtioRC3essSsHunhih2lOG_n3vI67JA
- ptkc6jismsc2pfk780v2mpiu6t
- tu7q7safqivic8it7qca8v5387
- v=spf1 include:_netblocks.mimecast.com include:amazonses.com include:emsd1.com ip4:52.128.40.188 include:spf.protection.outlook.com include:sent-via.netsuite.com include:phxrelay.tbe.taleo.net include:oracledelivery.com ~all
- 1password-site-verification=FXVEBMHIQ5GCHLR27FMKFBKDDA
Cloud / SaaS Services Detected
Atlassian
Amazon SES/WorkMail
Microsoft 365
Cisco Duo
Mimecast
Leak Screenshot:
