medion.com

Group: Blackbasta

Discovered by ransomware.live: 2024-12-18

Estimated attack date: 2024-12-18

Country: DE

Description:

Medion AG is a German consumer electronics company founded in 1983 by Gerd Brachmann and Helmut Linnemann. The company is headquartered in Essen, Germany, and has operated as a subsidiary of the Chinese multinational Lenovo Group since its acquisition in 2011.

SITE: www.medion.com
Address: Am Zehnthof 77, 45307 Essen, Germany
TEL#: +49 201 83 83 0
ALL DATA SIZE: ≈1.5tb+

1. Corp data, Financial data, Accounting…
2. Personal employees data and documents
3. Projects
4. Engineering & etc…


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 12

Compromised Users: 5

Third Party Employee Credentials: 0


External Attack Surface: 103



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain-abuse internetx.com
MX Records
  • medion-com.mail.protection.outlook.com.
Cloud / SaaS Services Detected
  • Atlassian
  • Microsoft 365
  • Salesforce
