Group: babuk2

Discovered by ransomware.live: 2025-03-10

Estimated attack date: 2025-03-10

Country: FR

Description:

mazars.fr company


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 4

Compromised Users: 23

Third Party Employee Credentials: 7


External Attack Surface: 13



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • fg safebrands.com
  • gestiondomaines mazars.com
  • clientele safebrands.com
MX Records
  • de-smtp-inbound-2.mimecast.com.
  • de-smtp-inbound-1.mimecast.com.
TXT Records
  • miro-verification=1d2f7ed04959cf28f7763796fc007b3128be7614
  • httpcs-site-verification=6e75e5f36d57b458d6f40cd3367dc390979042e2
  • atlassian-domain-verification=vmNsgq5+HBQnKLMAaek/1dcfG5nqTVsnlH5XQPglg5kdHMWU2lFa7HnDA3MCyTuj
  • httpcs-site-verification=b03a548ec6402fe5d83bf6863d4dc5f71359090d
  • docusign=46527f99-3b27-4809-8ca7-da7b9267314e
  • facebook-domain-verification=vtfsblscu1kh2206pfyzm759rre5tv
  • MS=ms86296018
  • sending_domain182332=d2122ca0ad9a452832beb274d5228b117d7b39ecc0973c5139b228efebf6905a
  • msfpkey=44dipccelfqcwwy4tlfhoysa5
  • v=spf1 include:de._netblocks.mimecast.com ip4:193.186.8.12/32 include:_spf.salesforce.com include:servers.mcsv.net include:aspmx.pardot.com include:marketing.dynamics.com ip4:185.7.39.6/32 ip4:185.7.39.7/32 -all
  • httpcs-site-verification=b7d7ffa61f77b40e05945e5a438c91a02687405f
  • pardot_182332_*=fbe93207c420f13a9da63ae692c51f1333d6925e7258ea13049483fe4c3b5a98
Cloud / SaaS Services Detected
  • Atlassian
  • Microsoft 365
  • Salesforce
  • Miro
  • Mimecast
  • DocuSign
