Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo rheinmetall.com (Rheinmetall Defence)

Group: babuk2

Discovered by ransomware.live: 2025-04-04

Estimated attack date: 2025-04-04

Country: DE

Description:

rheinmetall.com (Rheinmetall Defence)

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 0

Compromised Users: 19

Third Party Employee Credentials: 5

External Attack Surface: 8

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse 1api.net
  • info domain-contact.org
MX Records
  • smtp2.asysbs.services.
  • smtp1.asysbs.services.
TXT Records
  • fnr2ik3chpu82827e7eccehoec
  • hct37byvz1ltz1hxy314r94dt9snhfyb
  • kh44h6bnycg0bh764nv18gj7bjzmjgvh
  • qw4mt6frb1c8kjdthsrbkg6bmsd01hwb
  • _pvaxstdasry2xuoluanhl18n7t5sq8x
  • MS=EC07CC4219326D4A62437AEC74F59F2D2CD2D629
  • hyt5csjvbqrmwd5qt8n1zv9h6lvnf8g5
  • adobe-sign-verification=abafc12e81cf34701bfed72779317c1
  • xt6mpqc6ph23d93nsgt7yw89tnym6ygx
  • 7507l6kfdoj2li5cppuule0sh2
  • 0ed1fe018a54f3279f40234cb4bd6a5d63da9e040e
  • nlnzx8x6qqwy5nkdblsgxf24sbn3n9d8
  • 46rs8j3trisapdpdfr6revul2r
  • cisco-ci-domain-verification=6ffe22c07bbe5bf05a5fa571793c81f251f9aca00f2bec092eb6081f07be6f12
  • cb12qy4k2b1jp3z9csmxkj8402pw35zx
  • google-site-verification=vR1FZ9ktZ4ug1oJYwyAPG_zrsyzND4Z-O3DjzioBnVY
  • adobe-idp-site-verfication=b1e992e2955ec7b96b7106d75d556a00c7e60e75992960a8ab668c69bee84edf
  • D-TRUST=3DLDF7BC6NH3N4SO7RLJ3KN
  • webexdomainverification.=00ff6d1b-5eeb-475b-9829-cbe06d8fe5ae
  • 15j061bkc7v7b1xz16fpx8011c47hkw5
  • sophos-domain-verification=9ee131ff0e558d3fae92b63fe4f5331b74136270
  • frgv62jwn3s5r2snnxmkm58pp5syrhwf
  • nh1mx79gwbj2kpx90dms80wzcwwclj61
  • v=spf1 mx ip4:149.154.96.219 ip4:149.154.96.220 ip4:217.24.207.146 include:spfa.myconvento.com include:_spf.prod.hydra.sophos.com include:_spf-dc33.sapsf.eu include:ispgateway.de ~all
  • MS=ms78903920
  • D-TRUST=5IF5OYAOAD993YAA4ESWXO3
  • apple-domain-verification=aoJaeIaSCCozorha
  • 5kz15x05n5j1b1qd3yh58b6hhwf03z8p
  • d2xch3mtvrrz8q3vhv6gtkw6xmphkvmw
  • adobe-idp-site-verification=b1e992e2955ec7b96b7106d75d556a00c7e60e75992960a8ab668c69bee84edf
  • X9t/kR/4cp5Zytju7ri+3KUkqJ1QMDEcWviaT41zEnweGWakxpN/ykSpIewTDc6H45L7JsZr0vBLOS674IK6Rg==
Cloud / SaaS Services Detected
Adobe Apple Microsoft 365 Cisco Sophos Cisco Webex

Leak Screenshot:

Leak Screenshot