
icicibank.com

Group: apt73

Discovered by ransomware.live: 2025-01-21

Estimated attack date: 2025-01-21

Country: IN

Description:

Banking · India


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 63778

Compromised Users: 40686

Third Party Employee Credentials: 392


External Attack Surface: 200



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • icicibank-com.mail.protection.outlook.com.
TXT Records
  • v=spf1 ip4:103.87.41.227 ip4:103.87.41.228 ip4:103.87.41.229 ip4:203.27.235.0/24 ip4:203.189.92.0/24 ip4:203.101.90.39 ip4:203.199.52.27 ip4:103.87.43.118 ip4:103.87.43.119 ip4:103.87.43.120 ip4:203.199.52.49 ip4:203.101.90.61 ip4:203.171.210.0/23 ip4:13.235.156.42 ip4:203.171.210.17 include:_spf1.icicibank.com include:156586011.spf2.netcorecloud.net -all
Cloud / SaaS Services Detected
  • Adobe
  • Atlassian
  • Amazon SES/WorkMail
  • Microsoft 365
