
www.bms.com

Group: apt73

Discovered by ransomware.live: 2024-12-09

Estimated attack date: 2024-12-09

Country: US

Description:

Pharmaceutical company. Personal data - 302 lines


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 36

Compromised Users: 298

Third Party Employee Credentials: 80


External Attack Surface: 106



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabuse@cscglobal.com
MX Records
  • bms-com.mail.protection.outlook.com.
TXT Records
  • v=spf1 include:ip4.bms.com include:spf.protection.outlook.com include:_prolifiq.bms.com include:spf1.satmetrix.com include:spf.axalone.com include:spf.workfront.com include:sendgrid.net ~all
Cloud / SaaS Services Detected
  • Apple
  • Atlassian
  • Amazon SES/WorkMail
  • Mailchimp
  • Microsoft 365
  • Autodesk
  • Cisco
  • SendGrid
  • OneTrust
  • Zoom
