Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo euskaltel.com

Group: Lockbit3

Discovered by ransomware.live: 2023-05-15

Estimated attack date: 2023-05-15

Country: ES

Description:

The data was downloaded from mundo-r.comEuskaltel is a telecommunications group in northern Spain. The company operates via Euskaltel, R and Telecable. As a mobile phone operator with its own 4G license in the Basque Country, Galicia and Asturias...


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse interdominios.com
  • gdpr-masking gdpr-masked.com
  • info interdominios.com
MX Records
  • masmovil.in.tmes.trendmicro.eu.
TXT Records
  • google-site-verification=fwvBpux9Jzsjjm7sEwZfo3sT4-wiQLlvQLvrnmI7znc
  • wiz-domain-verification=dd821aed478b040802359c366996cf6e88279e13062d2e65c8e26a4918fa12d7
  • _globalsign-domain-verification=nlQ5FqEFnnRsmxx1rwuPEugXtYlTmufnSgyspTcVv9
  • _globalsign-domain-verification=iZwP-K10B1EDPq6eM5zXTm3LWdzzsSbyJOjFyl3FjS
  • _globalsign-domain-verification=NWwpnS4fqDffLEpTwX-CI_JojoqetnoWNCdtWY0ugf
  • MS=ms22010346
  • tmes=7974f251c93ef3648aa817fda50d8d55
  • _globalsign-domain-verification=B_2GfvnOYyRKWbSy3k8GiwtJRSW8OTbzAe3A2ZB72-
  • google-site-verification=YoAR5mBZK4jMZHXa_n-ciecpf7SE5z4hrWxUGVldYLw
  • globalsign-domain-verification=A369542D1B96B92AD8DCCBEEC98FD9E9
  • Dynatrace-site-verification=49bc7b6f-cb4c-491f-8d10-35afb3963a55__6bhqiiupt6br25rk8bn0m392ac
  • google-site-verification=vxngO3NIqsDKp2BjPxhMxc9DPcYVHTkJ93CZGTjPuYE
  • EdT+bWghUJ8JzY1YptYD9mp1jwD/k6uC9UU3lpDeMOIbLbR5gpneVJYFsdUQfDXrpHdNvTDnS4axs+8tIpLUKg==
  • _9vpmlzcp9v77zzjdmkna5fq7idw7t8m
  • dtm-domain-verification=tsvaAzs5OAAi4sPwxmipb1dyZlIew0dTMptdqgD70gQ
  • MS=CF5A15A35478AD4B3CC67FCBD2A404F55424CFD7
  • v=spf1 include:spf.protection.outlook.com include:_spf.google.com ip4:94.199.92.0/23 ip4:103.196.252.0/23 ip4:185.93.140.0/22 ip4:185.215.216.0/22 ip4:207.126.136.0/22 ip4:199.204.12.0/22 ip6:2a02:7b01:0:42::1:0/114 ip6:2a02:7b01:1000:42::1:0/114 ip6:2a02" ":7b01:2000:42::1:0/114 ip4:212.142.145.30 ip4:212.142.145.31 ip4:212.142.145.32 ip4:212.142.145.37 ip4:212.55.8.49 ip4:212.55.8.50 ip4:212.55.8.20 ip4:212.55.8.22 ip4:2" "12.142.144.0/27 ip4:212.51.32.162 ip6:2002:d48e:9120:0000:0000:0000:d48e:9120 ip6:2002:d48e:911f:0000:0000:0000:d48e:911f ip4:212.51.32.151 ip4:212.51.32.152 ip4:212.51.32.153 ip4:212.51.32.154 ip4:212.51.32.187 ip4:212.51.32.191 ip4:185.41.28.0/22 ip4:94" ".143.16.0/21 ip4:185.24.144.0/22 ip4:153.92.224.0/19 ip4:213.32.128.0/18 ip4:185.107.232.0/22 ip4:77.32.128.0/18 ip4:77.32.192.0/19 ip4:212.146.192.0/18 ip4:172.246.0.0/18 include:spf.hornetsecurity.com ip4:94.100.132.64 ip4:46.25.236.174 ip4:46.25.236.16" "4 ip4:46.25.236.183 mx include:spf.tmes.trendmicro.com -all
  • _globalsign-domain-verification=x1kOqGnC0YYr5Giog_NvMK57WDobta9fnDu0bv1SGt
  • atlassian-domain-verification=6bt/5MCLEIalQR5J4CEsWa0vQ0VT4eDveXHBlOW9jLeh2GIfV2GiJqGGQeNwAIaQ
Cloud / SaaS Services Detected
Atlassian Microsoft 365 TrendMicro

Leak Screenshot:

Leak Screenshot