Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

subway.com

subway.com

Discovered 2024-01-21 11:45 UTC
Est. attack date 2024-01-21
Country US

Description:

The biggest sandwich chain is pretending that nothing happened. We exfiltrated their SUBS internal system which includes hundreds of gigabytes of data and all financial expects of the franchise, including employee salaries, franchise royalty payment...

Infostealer activity detected by HudsonRock

Compromised Employees: 18

Compromised Users: 11980

Third Party Employee Credentials: 16


External Attack Surface: 112


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • No emails found.
MX Records
  • fwh-mail-onmicrosoft-com.mail.protection.outlook.com. Microsoft 365
TXT Records
  • amazonses:WouvrcaLNwm9MeOA8mPHl3iSO4PJt4GRJpbhFF3crDw=
  • apple-domain-verification=oeE28ZHe_eQoKq4vPnj1g-ZEqQBgf55X9GyfpeOh5qs
  • amazonses:IVt2mlynAK3WsbvNCsXkHJ/Jwoec4Vn7PuhiYJpSGt8=
  • apple-domain-verification=ZePlie9LX2l3lM7J
  • onetrust-domain-verification=0423cc8be9fc48a6a8221dbb3b6df59d
  • tlJrgGGNYW1T6TOpf3LBRcwsOaS3gelSZgfy60SdzvpTW5WpiAHY4v/hdv/R7WxtcYJ7HF1bBKjSFk7iX6T2tA==
  • MS=ms45332749
  • flfivcv809cpb8tv46a1ims5pa
  • 2paqitupt4v2gfj371i85act53
  • _qqdjbhl6yfl1s6qu8m3rbju0h907lny
  • CpWwpQX5DV75F+ZKWAyCyNDUxbYo4InxXeA0PTtdjTCuoo1nm1F6BnEU/LMCxoQsHSQEcffbI4tufAWu8lwICw==
  • smartsheet-site-validation=WtEHNAAL4WG877SNeundsGrK2ks3oevQ
  • _xb3hf9ozq4ftpre79rej7cr3hdm9xnk
  • postman-domain-verification=5e170be124ac49506592a4877255b533a56f7ed12bd9259f527d78c5695bca99401d8fef051f767bb7bd04e7f228acd25151145fb954cecb801f09372715b1f6
  • amazonses:lQ7e4of+cGMztoZEmpEpxOv439FwHEC4BXhcspQhdY4=
  • amazonses:rfeDc6IPwWwqIeXxLTkMIFIehh1+o5FR+AEIBPo+aDM=
  • _rrkgo7ymt9tvgtbyc18htgca1uymclb
  • apple-domain-verification=b5CpkBhV8vIzZtP8
  • docusign=5d070834-6746-415f-8a1c-48a729c4928e
  • Dynatrace-site-verification=37764e30-4ee4-403b-a66b-f2dacc3a7734__6vthkjdn478aftj5kmo2ghajeo
  • cloudhealth=b7d0679d-5571-410b-8073-7c7483a0aed9
  • GtuUJJbOSsufY0shVDZxs5FXpBrxJCCVyF/V3rBqKtzqdGEdfAfFd/cx8n7J71VUE1GGoDLjFYW44q5uEmZ0UQ==
  • d365mktkey=4vh8zlupmija2mggwyfzad1yv
  • Dynatrace-site-verification=da9ae839-07f7-479f-a048-f3c40b64337c__ovr7cl3o83h6v8k6sgf7qac8nt
  • anthropic-domain-verification-111pyz=1nPjXqAfargZnEgGLARKRSDUr
  • EmEjLLL4QADoazTzqtvan1bv6YMyVFwGL2jNXpikJzhI8o//7A6fOpAcg1iqih5QidRx9U0i2lae15h3PWY8Xw==
  • d365mktkey=27h4szq8axqtjclmkrdhoydvx
  • jamf-site-verification=8LRBBQ03vXBLvd73kMnJfA
  • v7cehmoklrdicplaf13ac8k2ua
  • _o4x70rw643ior6dk07wcma2wa5lv4al
  • ecostruxure-it-verification=650a765a-c7dc-49a6-85ef-63d7ae790f21
  • onetrust-domain-verification=e353972587624065aec066201135b725
  • google-site-verification=bUgaQaOMKw_x8QqEELf8-07tgm1Rk0ojsUl0wJr7qJ8
  • 3bcvb797i9bokin5jdb6np2r3k
  • _m9mz38zyi79jntjchyy474p39sqhp2k
  • v=spf1 mx include:spf.protection.outlook.com ~all
  • facebook-domain-verification=9411x4korp3etqeg7zd5ihfmhimgbz
  • _wfmjcqncwns5kjc701z1274fe51b4p9
  • adobe-idp-site-verification=c780fdf0a32f6f8ca3d2aed6a01d69016c27b9182374f34214ba80e9ea81f931
Cloud / SaaS Services Detected
Adobe Apple Amazon SES/WorkMail Microsoft 365 Anthropic JamF OneTrust DocuSign

Leak Screenshot:

Leak Screenshot