Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo orange.com

Group: warlock

Discovered by ransomware.live: 2025-08-17

Estimated attack date: 2025-08-09

Country: FR

Description:

This is only a part of the files and file list. The full set of files needs to be purchased separately.

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 596

Compromised Users: 5582

Third Party Employee Credentials: 2274

External Attack Surface: 200

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse comlaude.com
  • orange.com-Registrant anonymised.email
  • orange.com-Admin anonymised.email
  • orange.com-Tech anonymised.email
MX Records
  • smtp-inb.orange.com.
  • smtp-ina.orange.com.
TXT Records
  • duo_sso_verification=JF7tiCKbsI8IspJzgOL234m9ZK5VzHsxWpZi2QA6x6OT87lHztyoyHRYPZEMbXIV
  • amazonses:4Ef6OYY1sBftDZXp6ZYLQJPVeSIftFIETeUySZSZU50=
  • google-site-verification=EgR1nVjlVIJsFPh123w4IxYw579zuT8SVRmG2MV4QNo
  • paloaltonetworks-site-verification=2dc7bd33c4704b30204bb566da30ae3535d9f432028af56b8f0d4c45c5a39ae4
  • agbd+nsdTrn8Rub2JDSk36FZWT+PG2lhMCh5ZdcsCOObuptBWFgZJ0ki803ma69m+xCgFAWUYGre+QgQxne5lw==
  • Dynatrace-site-verification=848fd8bb-b86f-43f6-b847-d9f6d4c9b787__b2rhn5qvemna3tej59e7cn0eqk
  • 6m0ty3d7p21dcs018p60d94312n88x7p
  • _36y7rdy34dh4pqltzp5b3a0i9rcmfvx
  • ibmid=3554696b-ecea-430a-848c-96eec8602507
  • v=spf1 include:spffed-ip.orange.com include:spffed-mm.orange.com include:spfa.orange.com include:spfb.orange.com include:spfc.orange.com include:spfd.orange.com include:spfe.orange.com include:spff.orange.com include:spf6a.orange.com -all
  • x6vsjq9gxgh74dz769hw39f0m3qyt7l2
  • openai-domain-verification=dv-1wjfG37pIz7SXU09w8c2cMAA
  • yahoo-verification-key=U2SIvWBwWNNhHlsYG10eQupsuYo4/ydGJIOYNHSia2o=
  • google-site-verification=yx2vvCrpCE8mso-4gjxqPnDjApJvb8iaAlKQRDdDhpY
  • webexdomainverification.649c173cc5d5c61ce053ad06fc0aa237=acfa580a-aeb8-483e-9b2e-4b6cf4fe02d4
  • atlassian-domain-verification=R1ijIzKaiL6pRCJAGYzeeREKu4bXmYJXrkP+ZwSODomHagfhElQk8CDU9g6v2Ywm
  • google-site-verification=1K0A2Jl6QN8GfhfsbLCaV5RR8qXlMV8ShzSvcUgE8WY
  • MS=EAC6B05D9F84DAFA905EE300CE122BFF3CBB8986
  • google-site-verification=WI7p36D_HNK_XBCk9tbWMTRDBJZn3taUT807LFWYT_E
Cloud / SaaS Services Detected
Atlassian Amazon SES/WorkMail Cisco Duo Cisco Webex