nubox.com & sumasaas.com
nubox.com & sumasaas.com
Group: alphalocker
Discovered by ransomware.live: 2025-09-08
Estimated attack date: 2025-09-08
Description:
150 GB DATA -Contracts -Projects -Clients -Customers etc
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 130
Compromised Users: 1117
Third Party Employee Credentials: 12
External Attack Surface: 46
Infostealer Distribution
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- trustandsafety support.aws.com
- c8a6bf9b-8a98-49d4-a461-06decdfd6223 identity-protect.org
MX Records
- aspmx3.googlemail.com.
- alt1.aspmx.l.google.com.
- alt2.aspmx.l.google.com.
- aspmx.l.google.com.
- aspmx2.googlemail.com.
TXT Records
- _globalsign-domain-verification=bR8D0X-Dni7oCrS0Qy9QtoxmYoxwyF_AIvSDgt2CaR
- google-site-verification=I8IlB7B1vrl8RotfKjrjkVFIm-wbqEOYh-NZUzPPmio
- google-site-verification=YdfmiCBwc3XR4qNcAPyVwhpeXjBHJ3Tq7HooygrkEQw
- google-site-verification=gAwJv-pp7tbYY5Rs4Z4UgvKaq8oQ-zMTJrxYnSTowno
- google-site-verification=klU1b75RRYplOTfrvmL9iWBBR_CHyURlqx5FGJNdqK0
- have-i-been-pwned-verification=dweb_o3g40bbryu9d56aiw417xkj4
- include:2081075.spf08.hubspotemail.net
- mandrill_verify.ovPwEdLu9BUJoZWE58DyeA
- new-relic-domain-verification=82e65e34f20e454d91b709266b9d8366
- status-page-domain-verification=ccydj0j3my2h
- v=spf1 a ip4:208.91.114.151 include:_spf.google.com include:2081075.spf08.hubspotemail.net ~all
- 1e0bpqRyG8BGikjUR08XKmTEJnjTcmsBnO0Nb7ghUuo=
- MS=ms41484971
- _github-challenge-nubox-spa.nubox.com.
- _globalsign-domain-verification=1UR15AmuaE3woEc_MsLTZIuAIbPQeg9yBn9Kj4rMh3
- _globalsign-domain-verification=3ZDg8ykDogpF-GRIv2rPdyHGx2ilJwCLD0Wz6vXCov
Cloud / SaaS Services Detected
HubSpot
Mailchimp
Microsoft 365
Have I Been Pwned
Leak Screenshot:
