Amazon seizes domains used in rogue Remote Desktop campaign to steal data
Tags
country: Russia Ukraine
maec-delivery-vectors: Watering Hole
attack-pattern: Data Direct Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Remote Desktop Protocol - T1076
Show in Graph
Common Information
Type Value
UUID 6b16e16a-1def-4831-9dd3-246d10b926cb
Fingerprint 228809582e336488
Analysis status DONE
Considered CTI value 1
Text language
Published Oct. 25, 2024, midnight
Added to db Oct. 25, 2024, 7:34 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Amazon seizes domains used in rogue Remote Desktop campaign to steal data
Title Amazon seizes domains used in rogue Remote Desktop campaign to steal data
Detected Hints/Tags/Attributes 51/3/3
Source URLs
Redirection Url
Details Source https://www.bleepingcomputer.com/news/security/amazon-seizes-domains-used-in-rogue-remote-desktop-campaign-to-steal-data/
URL Provider
Details Provider Source level domain
Details bleepingcomputer.com www.bleepingcomputer.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 279 BleepingComputer https://www.bleepingcomputer.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CERT Ukraine 13 
UAC-0215
Details File 74 
mstsc.exe
Details Threat Actor Identifier - APT 665 
APT29