Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo se.com

Group: lockbit2

Discovered by ransomware.live: 2021-12-09

Estimated attack date: 2021-12-09

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 12

Compromised Users: 2706

Third Party Employee Credentials: 365

External Attack Surface: 109


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse nameshield.net
MX Records
  • de-smtp-inbound-2.mimecast.com.
  • de-smtp-inbound-1.mimecast.com.
TXT Records
  • x14vhn4g5145ds2nnc35dql79vx0xx3d
  • google-site-verification=h9fFgC-4Ewgax9CfgXSybXd3YcOViFck1ne9UxQ2SB4
  • qqmail-site-verification=5f94945151f98278050316bf7b2e8c66797eb67067b
  • Dynatrace-site-verification=b222eaea-8239-48df-b005-7d0c49e4a09a__6qv2j14tdadkupkvk2pgq05v8o
  • MS=b1c9d4ce-738a-4c07-8fad-e0afa621b287
  • l2chnpckrgj7vhjx1c61hx071mq1lzw2
  • asv=9a572d02e3a0e4bf43acf9d763650fc8
  • google-site-verification=tHjWz2XhzyTPPbrApyJDGtMP_m1bmlUud4PDn3hdnqQ
  • apple-domain-verification=baQOBxMkDgBFwF8l
  • google-site-verification=MaFwpFfx7DP8gvyYsIuJ3Ky0W4YwXPrePMnuxTEx9Po
  • mandrill_verify.zI6-HAsONKwasvlvvf_zxA
  • atlassian-domain-verification=IUsyq0ps6NhQSSAt3gkN688EjXUbqie77kAjH9QMNrD2VgJHZj2n9JrTqIicWJZA
  • drift-domain-verification=a2e57eb280949a86ec3ffd0024b280537c788ff36154db35f4dc6e87be4c8b5f
  • bugfender-saml-delegation=479vpkgct4
  • fastly-domain-delegation-Ymrax39Kz82D8jTg39d-717180-20231123
  • cisco-ci-domain-verification=fae82ad3392e54a17ae29b0a9adb72fbd53513e127f3ee1690cffbd3eb18d41
  • canva-site-verification=PZ12XM4dFemgms6w821Ybw
  • google-site-verification=4pE0niUkwZ8QWYHdtf4j66YkrdgDN454jw1zJXN8HlI
  • yandex-verification: 945d9382972544b7
  • paloaltonetworks-site-verification=74c75720f2f4a8b19f5e6974b05e633ad3a2e697beddf72118b921ab9a42722c
  • adobe-idp-site-verification=622dcab59c38d10640a49a43212a3d5cfab14d6fceebe67c033ff76ce890161e
  • atlassian-domain-verification=bhaGZHZEDTosyrA+DwJcaLQUTvKZaImxmhox10eRvoBGIufpk+TjLP6BNmFcP3DM
  • work-accounts-domain-verification=JLLfiGUtquBTi85fqn6HWzK3LLexsb
  • 7yxmsfkr3kj5llr8lhzj5j68m39b4gwq
  • fastly-domain-delegation-c5hErHvg0xkIgvEw-20210219
  • Dynatrace-site-verification=e1785671-30e6-4cbf-96b6-2add69a045a4__ak1pe6r3ecg9v0c33gjinlcrc5
  • v=spf1 include:spf.protection.outlook.com include:de._netblocks.mimecast.com include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email -all
  • google-gws-recovery-domain-verification=53558559
  • google-site-verification=1GgjGuHOixQc08GyStPwGiOPemh5Qd10U4IizE2BJ-Q
  • atlassian-domain-verification=Fg7BQJK1jasMWzi2DznJaZPiP6LXLAlgXpKYQqdI/Tf3YruULC+vsBZLCwyETP6/
  • x3jjr7j72ks3rhddvwpj54l0tj6cdk4t
  • airtable-verification=f310a00de5f600ef7e75f94afe034730
  • yandex-verification: 430d73db20681c65
  • docusign=8b258e08-8b7f-40bd-a8bf-bc5c98615df6
  • tw98ghc9rzm1877j4rp8w6911pf3pqb6
  • atlassian-domain-verification=EC7toFnaf5ZxNbCWV1wfOhdaqbNUJfoj7Rw6CP5rcma95EbTfjGSrhAU1ym2Mfcs
  • MS=ms84104626
  • teamviewer-sso-verification=10a16e1c4d0d4e2685e4b31c7b9c5638
  • qqmail-site-verification=81af02789bce908268b0a93c7fd60f30a5f1cccdd46
  • mongodb-site-verification=5nLcONPh6IYwl3BGrYHsveCB5LS1CMVn
  • atlassian-domain-verification=hq98PdgYFNzjKRVg4oT2WGmerFieN1AAva9IaConyIRjEhR3v3fW2xXBVzbTAFba
  • 80mkjjx6qqkrzxpqt37gm8rsy1fxffb6
  • google-site-verification" " content=" "bGca5O5JuCnfWyyryhUyAaCJeMQRJveKoxGmRyIxn1g
  • docker-verification=14d15dfd-82b0-487c-93bb-b39683597e73
  • google-site-verification=nWVYUD_BTBJBefVMYTRkkxmUhxwYGJTXZGAVHz48mlA
  • fastly-domain-delegation-hujofbfixz9vx4q4dqhc-743406-2024-02-26
  • _zmhi0u3wsrzbr87w33trlbrn1mk87f7
  • onetrust-domain-verification=a490b00e13074b25b2f05072f7339c0a
  • cisco-ci-domain-verification=1e9a58578cde384b353a98a89761a18712b63e1bf04dae72778409222e5b1a73
  • pendo-domain-verification=iskRGsB6ZyZLF7RTi--6NxhBd6k
  • remarkable-domain-verification=9d88f407-9d69-4e21-bb99-60f12cfd700e
  • google-site-verification=Wb9wsMdyrbvzKdFH1Q0eSuEvRFVk26nwuU8TWZYmz1w
  • wxmk3myyf9g332fz6l3m0d083bz6hz1g
  • docusign=8d9d0f84-01bb-43f6-9e4a-3fef317f24a0
  • s1xfb00897y33wwf06by4qnx3lckf6w9
  • facebook-domain-verification=slgw3flkg8c626fxfi0443p2dx8uyh
  • m0xm6phjgcd3304xcmh8n6bvdgb0h6vw
  • google-site-verification=guKNXt4LW3k8QfCfquIP4pxXQ9x_vU8OgbY5pEWbB8w
  • google-site-verification=u-HvyvcgveswU1tmCdzUZcxPE2CFNTaBCEtSO57KkhQ
  • barco-verification=38c3c4f7-8590-546f-92dd-02f2fe367b7e
  • onetrust-domain-verification=84b23b3aed454a1eba46b3dad4f180ea
  • hlk6g3crxtypdm4s9crd78m4v1sz94f3
  • cisco-ci-domain-verification=2fc7ef85c0185ec367ec09038fcf72d2a82b01d7306c5a6e9442fdd9c4dc8f30
  • google-site-verification=3xfSXsuj-sou0myIXlXYrTMghs3_moq4GQYHJgYbc7w
  • smartsheet-site-validation=jeYrV2llaFegK9hHVD6miP3eP0fzxDK7
Cloud / SaaS Services Detected
Adobe Apple Atlassian Mailchimp Microsoft 365 Teamviewer Cisco OneTrust Mimecast DocuSign