BlackDirect: Microsoft Azure Account Takeover
Tags
attack-pattern: Data Domains - T1583.001 Domains - T1584.001 Impersonation - T1656 Javascript - T1059.007 Vulnerabilities - T1588.006
Show in Graph
Common Information
Type Value
UUID af8e61e5-d8d2-44bd-9ace-81c7bac7d3ee
Fingerprint 84318c9066637dc5
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 2, 2019, midnight
Added to db Feb. 17, 2023, 10:11 p.m.
Last updated Oct. 21, 2024, 1:20 p.m.
Headline BlackDirect: Microsoft Azure Account Takeover
Title BlackDirect: Microsoft Azure Account Takeover
Detected Hints/Tags/Attributes 39/1/7
Source URLs
Redirection Url
Details Source https://www.cyberark.com/resources/threat-research-blog/blackdirect-microsoft-azure-account-takeover
Details Source https://www.cyberark.com/threat-research-blog/blackdirect-microsoft-azure-account-takeover/
URL Provider
Details Provider Source level domain
Details cyberark.com www.cyberark.com
Attributes
Details Type #Events CTI Value
Details Domain 4 
cloudapp.net
Details Domain 14 
azurewebsites.net
Details Domain 3 
cloudapp.azure.com
Details Domain 5 
graph.windows.net
Details Domain 6 
microsoftonline.com
Details Url 1 
https://login.microsoftonline.com/common/oauth2/authorize?response_type=token&client_id={client_id}&resource={resource}&redirect_uri={redirect_uri}
Details Url 3 
https://graph.windows.net