ioc[.]one - OSINT Cyber Threat Intelligence Database

Microsoft Warns: Midnight Blizzard's Ongoing Spear-Phishing Campaign with RDP Files

Tags

country:	Australia Japan Russia
maec-delivery-vectors:	Watering Hole
attack-pattern:	Clipboard Data - T1414 Conditional Access Policies - T1556.009 Credentials - T1589.001 Email Addresses - T1589.002 Malware - T1587.001 Malware - T1588.001 Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Clipboard Data - T1115 Remote Desktop Protocol - T1076

Show in Graph

Common Information

Type	Value
UUID	b173d223-681d-492b-9e81-667efd0947b8
Fingerprint	249c8c112e0cbc81
Analysis status	DONE
Considered CTI value	1
Text language
Published	Nov. 1, 2024, 1:14 p.m.
Added to db	Nov. 1, 2024, 2:18 p.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	Microsoft Warns: Midnight Blizzard’s Ongoing Spear-Phishing Campaign with RDP Files
Title	Microsoft Warns: Midnight Blizzard's Ongoing Spear-Phishing Campaign with RDP Files
Detected Hints/Tags/Attributes	57/3/2

Source URLs

	Redirection	Url
Details	Source	https://heimdalsecurity.com/blog/microsoft-warning-midnight-blizzard-spear-phishing-rdp/

URL Provider

Details	Provider	Source level domain
Details	heimdalsecurity.com	heimdalsecurity.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	132	✔	Heimdal Security Blog	https://heimdalsecurity.com/blog/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	Mandiant Uncategorized Groups	97		UNC2452
Details	Threat Actor Identifier - APT	665		APT29