Pulse Detail — Threat Intelligence

PULSE NAME

Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files | Microsoft Security Blog

WHITE jacksparrow 2024-12-06 Modified: 2024-12-06

282

IOCs

HIGH VOLUME

Microsoft is investigating a large-scale spear-phishing campaign targeting individuals, companies and governments in a range of sectors, as well as the Russian government, which is believed to be targeting Microsoft employees.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1199 T1115 T1176 T1566 T1021

MALWARE FAMILIES

APT29

Indicators of Compromise (282)

All FileHash-MD5 domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	392e4194f0f26165030055c3f1de6080	—	2024-12-06
domain	cewalton.com	—	2024-12-06
domain	sellar.co.uk	—	2024-12-06
domain	swpartners.com.au	—	2024-12-06
domain	totalconstruction.com.au	—	2024-12-06
domain	townoflakelure.com	—	2024-12-06
hostname	ap-northeast-1-aws.s3-ua.cloud	—	2024-12-06
hostname	ap-northeast-1-aws.ukrainesec.cloud	—	2024-12-06
hostname	ca-central-1.gov-ua.cloud	—	2024-12-06
hostname	ca-central-1.ua-gov.cloud	—	2024-12-06
hostname	ca-west-1.aws-ukraine.cloud	—	2024-12-06
hostname	ca-west-1.mfa-gov.cloud	—	2024-12-06
hostname	ca-west-1.ukrtelecom.cloud	—	2024-12-06
hostname	central-2-aws.ua-mil.cloud	—	2024-12-06
hostname	central-2-aws.ua-sec.cloud	—	2024-12-06
hostname	central-2-aws.ukrainesec.cloud	—	2024-12-06
hostname	central-2-aws.ukrtelecom.cloud	—	2024-12-06
hostname	eu-central-1-aws.amazonsolutions.cloud	—	2024-12-06
hostname	eu-central-1-aws.dep-no.cloud	—	2024-12-06
hostname	eu-central-1-aws.gov-pl.cloud	—	2024-12-06
hostname	eu-central-1-aws.gov-sk.cloud	—	2024-12-06
hostname	eu-central-1-aws.gov-trust.cloud	—	2024-12-06
hostname	eu-central-1-aws.mfa-gov.cloud	—	2024-12-06
hostname	eu-central-1-aws.minbuza.cloud	—	2024-12-06
hostname	eu-central-1-aws.mindef-nl.cloud	—	2024-12-06
hostname	eu-central-1-aws.msz-pl.cloud	—	2024-12-06
hostname	eu-central-1-aws.mzv-sk.cloud	—	2024-12-06
hostname	eu-central-1-aws.ncfta.cloud	—	2024-12-06
hostname	eu-central-1-aws.presidencia-pt.cloud	—	2024-12-06
hostname	eu-central-1-aws.quirinale.cloud	—	2024-12-06
hostname	eu-central-1-aws.regeringskansliet-se.cloud	—	2024-12-06
hostname	eu-central-1-aws.s3-be.cloud	—	2024-12-06
hostname	eu-central-1-aws.s3-ua.cloud	—	2024-12-06
hostname	eu-central-1-aws.ua-gov.cloud	—	2024-12-06
hostname	eu-central-1-aws.ukrainesec.cloud	—	2024-12-06
hostname	eu-central-1.difesa-it.cloud	—	2024-12-06
hostname	eu-central-1.mfa-gov.cloud	—	2024-12-06
hostname	eu-central-1.mil-be.cloud	—	2024-12-06
hostname	eu-central-1.mil-pl.cloud	—	2024-12-06
hostname	eu-central-1.minbuza.cloud	—	2024-12-06
hostname	eu-central-1.mindef-nl.cloud	—	2024-12-06
hostname	eu-central-1.msz-pl.cloud	—	2024-12-06
hostname	eu-central-1.quirinale.cloud	—	2024-12-06
hostname	eu-central-1.regeringskansliet-se.cloud	—	2024-12-06
hostname	eu-central-1.s3-be.cloud	—	2024-12-06
hostname	eu-central-1.s3-esa.cloud	—	2024-12-06
hostname	eu-central-1.s3-nato.cloud	—	2024-12-06
hostname	eu-central-1.ua-gov.cloud	—	2024-12-06
hostname	eu-central-1.ua-sec.cloud	—	2024-12-06
hostname	eu-central-1.ukrtelecom.cloud	—	2024-12-06
hostname	eu-central-2-aws.amazonsolutions.cloud	—	2024-12-06
hostname	eu-central-2-aws.aws-ukraine.cloud	—	2024-12-06
hostname	eu-central-2-aws.dep-no.cloud	—	2024-12-06
hostname	eu-central-2-aws.gov-pl.cloud	—	2024-12-06
hostname	eu-central-2-aws.gov-sk.cloud	—	2024-12-06
hostname	eu-central-2-aws.mil-be.cloud	—	2024-12-06
hostname	eu-central-2-aws.mil-pl.cloud	—	2024-12-06
hostname	eu-central-2-aws.mindef-nl.cloud	—	2024-12-06
hostname	eu-central-2-aws.msz-pl.cloud	—	2024-12-06
hostname	eu-central-2-aws.mzv-sk.cloud	—	2024-12-06
hostname	eu-central-2-aws.presidencia-pt.cloud	—	2024-12-06
hostname	eu-central-2-aws.regeringskansliet-se.cloud	—	2024-12-06
hostname	eu-central-2-aws.s3-be.cloud	—	2024-12-06
hostname	eu-central-2-aws.ua-gov.cloud	—	2024-12-06
hostname	eu-central-2-aws.ua-mil.cloud	—	2024-12-06
hostname	eu-central-2-aws.ukrtelecom.cloud	—	2024-12-06
hostname	eu-east-1-aws.amazonsolutions.cloud	—	2024-12-06
hostname	eu-east-1-aws.dep-no.cloud	—	2024-12-06
hostname	eu-east-1-aws.gov-sk.cloud	—	2024-12-06
hostname	eu-east-1-aws.gov-ua.cloud	—	2024-12-06
hostname	eu-east-1-aws.mil-be.cloud	—	2024-12-06
hostname	eu-east-1-aws.mil-pl.cloud	—	2024-12-06
hostname	eu-east-1-aws.minbuza.cloud	—	2024-12-06
hostname	eu-east-1-aws.mindef-nl.cloud	—	2024-12-06
hostname	eu-east-1-aws.msz-pl.cloud	—	2024-12-06
hostname	eu-east-1-aws.mzv-sk.cloud	—	2024-12-06
hostname	eu-east-1-aws.quirinale.cloud	—	2024-12-06
hostname	eu-east-1-aws.regeringskansliet-se.cloud	—	2024-12-06
hostname	eu-east-1-aws.s3-be.cloud	—	2024-12-06
hostname	eu-east-1-aws.s3-de.cloud	—	2024-12-06
hostname	eu-east-1-aws.ua-gov.cloud	—	2024-12-06
hostname	eu-east-1-aws.ua-sec.cloud	—	2024-12-06
hostname	eu-east-1-aws.ukrtelecom.cloud	—	2024-12-06
hostname	eu-north-1-aws.dep-no.cloud	—	2024-12-06
hostname	eu-north-1-aws.difesa-it.cloud	—	2024-12-06
hostname	eu-north-1-aws.gov-pl.cloud	—	2024-12-06
hostname	eu-north-1-aws.gov-sk.cloud	—	2024-12-06
hostname	eu-north-1-aws.mil-be.cloud	—	2024-12-06
hostname	eu-north-1-aws.mil-pl.cloud	—	2024-12-06
hostname	eu-north-1-aws.minbuza.cloud	—	2024-12-06
hostname	eu-north-1-aws.ncfta.cloud	—	2024-12-06
hostname	eu-north-1-aws.presidencia-pt.cloud	—	2024-12-06
hostname	eu-north-1-aws.quirinale.cloud	—	2024-12-06
hostname	eu-north-1-aws.regeringskansliet-se.cloud	—	2024-12-06
hostname	eu-north-1-aws.s3-be.cloud	—	2024-12-06
hostname	eu-north-1-aws.s3-de.cloud	—	2024-12-06
hostname	eu-north-1-aws.ua-energy.cloud	—	2024-12-06
hostname	eu-north-1-aws.ua-gov.cloud	—	2024-12-06
hostname	eu-north-1.difesa-it.cloud	—	2024-12-06
hostname	eu-north-1.gov-trust.cloud	—	2024-12-06
hostname	eu-north-1.gov-ua.cloud	—	2024-12-06
hostname	eu-north-1.gv-at.cloud	—	2024-12-06
hostname	eu-north-1.mil-be.cloud	—	2024-12-06
hostname	eu-north-1.mil-pl.cloud	—	2024-12-06
hostname	eu-north-1.mzv-sk.cloud	—	2024-12-06
hostname	eu-north-1.ncfta.cloud	—	2024-12-06
hostname	eu-north-1.regeringskansliet-se.cloud	—	2024-12-06
hostname	eu-north-1.s3-be.cloud	—	2024-12-06
hostname	eu-north-1.s3-de.cloud	—	2024-12-06
hostname	eu-north-1.s3-ua.cloud	—	2024-12-06
hostname	eu-south-1-aws.admin-ch.cloud	—	2024-12-06
hostname	eu-south-1-aws.dep-no.cloud	—	2024-12-06
hostname	eu-south-1-aws.difesa-it.cloud	—	2024-12-06
hostname	eu-south-1-aws.gov-pl.cloud	—	2024-12-06
hostname	eu-south-1-aws.gov-trust.cloud	—	2024-12-06
hostname	eu-south-1-aws.mfa-gov.cloud	—	2024-12-06
hostname	eu-south-1-aws.mil-be.cloud	—	2024-12-06
hostname	eu-south-1-aws.minbuza.cloud	—	2024-12-06
hostname	eu-south-1-aws.mzv-sk.cloud	—	2024-12-06
hostname	eu-south-1-aws.quirinale.cloud	—	2024-12-06
hostname	eu-south-1-aws.s3-be.cloud	—	2024-12-06
hostname	eu-south-1-aws.s3-de.cloud	—	2024-12-06
hostname	eu-south-1-aws.ua-gov.cloud	—	2024-12-06
hostname	eu-south-2-aws.amazonsolutions.cloud	—	2024-12-06
hostname	eu-south-2-aws.dep-no.cloud	—	2024-12-06
hostname	eu-south-2-aws.gov-pl.cloud	—	2024-12-06
hostname	eu-south-2-aws.gov-sk.cloud	—	2024-12-06
hostname	eu-south-2-aws.mfa-gov.cloud	—	2024-12-06
hostname	eu-south-2-aws.mil-be.cloud	—	2024-12-06
hostname	eu-south-2-aws.mil-pl.cloud	—	2024-12-06
hostname	eu-south-2-aws.mil-pt.cloud	—	2024-12-06
hostname	eu-south-2-aws.minbuza.cloud	—	2024-12-06
hostname	eu-south-2-aws.msz-pl.cloud	—	2024-12-06
hostname	eu-south-2-aws.mzv-sk.cloud	—	2024-12-06
hostname	eu-south-2-aws.ncfta.cloud	—	2024-12-06
hostname	eu-south-2-aws.quirinale.cloud	—	2024-12-06
hostname	eu-south-2-aws.regeringskansliet-se.cloud	—	2024-12-06
hostname	eu-south-2-aws.s3-be.cloud	—	2024-12-06
hostname	eu-south-2-aws.s3-de.cloud	—	2024-12-06
hostname	eu-south-2-aws.s3-esa.cloud	—	2024-12-06
hostname	eu-south-2-aws.s3-nato.cloud	—	2024-12-06
hostname	eu-south-2-aws.s3-ua.cloud	—	2024-12-06
hostname	eu-south-2-aws.ua-gov.cloud	—	2024-12-06
hostname	eu-south-2.dep-no.cloud	—	2024-12-06
hostname	eu-south-2.gov-pl.cloud	—	2024-12-06
hostname	eu-south-2.gov-sk.cloud	—	2024-12-06
hostname	eu-south-2.mil-be.cloud	—	2024-12-06
hostname	eu-south-2.mil-pl.cloud	—	2024-12-06
hostname	eu-south-2.mindef-nl.cloud	—	2024-12-06
hostname	eu-south-2.s3-be.cloud	—	2024-12-06
hostname	eu-south-2.s3-de.cloud	—	2024-12-06
hostname	eu-south-2.s3-esa.cloud	—	2024-12-06
hostname	eu-south-2.s3-nato.cloud	—	2024-12-06
hostname	eu-south-2.ua-sec.cloud	—	2024-12-06
hostname	eu-south-2.ukrainesec.cloud	—	2024-12-06
hostname	eu-southeast-1-aws.amazonsolutions.cloud	—	2024-12-06
hostname	eu-southeast-1-aws.aws-ukraine.cloud	—	2024-12-06
hostname	eu-southeast-1-aws.dep-no.cloud	—	2024-12-06
hostname	eu-southeast-1-aws.difesa-it.cloud	—	2024-12-06
hostname	eu-southeast-1-aws.gov-sk.cloud	—	2024-12-06
hostname	eu-southeast-1-aws.gov-trust.cloud	—	2024-12-06
hostname	eu-southeast-1-aws.mil-be.cloud	—	2024-12-06
hostname	eu-southeast-1-aws.mil-pl.cloud	—	2024-12-06
hostname	eu-southeast-1-aws.mindef-nl.cloud	—	2024-12-06
hostname	eu-southeast-1-aws.msz-pl.cloud	—	2024-12-06
hostname	eu-southeast-1-aws.mzv-cz.cloud	—	2024-12-06
hostname	eu-southeast-1-aws.mzv-sk.cloud	—	2024-12-06
hostname	eu-southeast-1-aws.quirinale.cloud	—	2024-12-06
hostname	eu-southeast-1-aws.s3-be.cloud	—	2024-12-06
hostname	eu-southeast-1-aws.s3-de.cloud	—	2024-12-06
hostname	eu-southeast-1-aws.s3-esa.cloud	—	2024-12-06
hostname	eu-southeast-1-aws.s3-ua.cloud	—	2024-12-06
hostname	eu-southeast-1-aws.ua-energy.cloud	—	2024-12-06
hostname	eu-southeast-1-aws.ukrainesec.cloud	—	2024-12-06
hostname	eu-west-1-aws.amazonsolutions.cloud	—	2024-12-06
hostname	eu-west-1-aws.aws-ukraine.cloud	—	2024-12-06
hostname	eu-west-1-aws.dep-no.cloud	—	2024-12-06
hostname	eu-west-1-aws.gov-pl.cloud	—	2024-12-06
hostname	eu-west-1-aws.gov-sk.cloud	—	2024-12-06
hostname	eu-west-1-aws.gov-trust.cloud	—	2024-12-06
hostname	eu-west-1-aws.gov-ua.cloud	—	2024-12-06
hostname	eu-west-1-aws.mil-be.cloud	—	2024-12-06
hostname	eu-west-1-aws.mil-pl.cloud	—	2024-12-06
hostname	eu-west-1-aws.minbuza.cloud	—	2024-12-06
hostname	eu-west-1-aws.quirinale.cloud	—	2024-12-06
hostname	eu-west-1-aws.s3-be.cloud	—	2024-12-06
hostname	eu-west-1-aws.s3-de.cloud	—	2024-12-06
hostname	eu-west-1-aws.s3-esa.cloud	—	2024-12-06
hostname	eu-west-1-aws.s3-nato.cloud	—	2024-12-06
hostname	eu-west-1-aws.ua-sec.cloud	—	2024-12-06
hostname	eu-west-1-aws.ukrainesec.cloud	—	2024-12-06
hostname	eu-west-1.aws-ukraine.cloud	—	2024-12-06
hostname	eu-west-1.difesa-it.cloud	—	2024-12-06
hostname	eu-west-1.gov-sk.cloud	—	2024-12-06
hostname	eu-west-1.mil-be.cloud	—	2024-12-06
hostname	eu-west-1.mil-pl.cloud	—	2024-12-06
hostname	eu-west-1.minbuza.cloud	—	2024-12-06
hostname	eu-west-1.msz-pl.cloud	—	2024-12-06
hostname	eu-west-1.mzv-sk.cloud	—	2024-12-06
hostname	eu-west-1.regeringskansliet-se.cloud	—	2024-12-06
hostname	eu-west-1.s3-de.cloud	—	2024-12-06
hostname	eu-west-1.s3-esa.cloud	—	2024-12-06
hostname	eu-west-1.s3-ua.cloud	—	2024-12-06
hostname	eu-west-1.ua-gov.cloud	—	2024-12-06
hostname	eu-west-1.ukrtelecom.cloud	—	2024-12-06
hostname	eu-west-2-aws.amazonsolutions.cloud	—	2024-12-06
hostname	eu-west-2-aws.dep-no.cloud	—	2024-12-06
hostname	eu-west-2-aws.difesa-it.cloud	—	2024-12-06
hostname	eu-west-2-aws.gov-pl.cloud	—	2024-12-06
hostname	eu-west-2-aws.gov-sk.cloud	—	2024-12-06
hostname	eu-west-2-aws.gv-at.cloud	—	2024-12-06
hostname	eu-west-2-aws.mil-be.cloud	—	2024-12-06
hostname	eu-west-2-aws.mil-pl.cloud	—	2024-12-06
hostname	eu-west-2-aws.minbuza.cloud	—	2024-12-06
hostname	eu-west-2-aws.mindef-nl.cloud	—	2024-12-06
hostname	eu-west-2-aws.msz-pl.cloud	—	2024-12-06
hostname	eu-west-2-aws.mzv-sk.cloud	—	2024-12-06
hostname	eu-west-2-aws.quirinale.cloud	—	2024-12-06
hostname	eu-west-2-aws.s3-be.cloud	—	2024-12-06
hostname	eu-west-2-aws.s3-de.cloud	—	2024-12-06
hostname	eu-west-2-aws.s3-esa.cloud	—	2024-12-06
hostname	eu-west-2-aws.s3-nato.cloud	—	2024-12-06
hostname	eu-west-2-aws.s3-ua.cloud	—	2024-12-06
hostname	eu-west-2-aws.ua-sec.cloud	—	2024-12-06
hostname	eu-west-3-aws.aws-ukraine.cloud	—	2024-12-06
hostname	eu-west-3-aws.dep-no.cloud	—	2024-12-06
hostname	eu-west-3-aws.difesa-it.cloud	—	2024-12-06
hostname	eu-west-3-aws.gov-pl.cloud	—	2024-12-06
hostname	eu-west-3-aws.gov-sk.cloud	—	2024-12-06
hostname	eu-west-3-aws.gov-trust.cloud	—	2024-12-06
hostname	eu-west-3-aws.mil-be.cloud	—	2024-12-06
hostname	eu-west-3-aws.mil-pl.cloud	—	2024-12-06
hostname	eu-west-3-aws.mil-pt.cloud	—	2024-12-06
hostname	eu-west-3-aws.minbuza.cloud	—	2024-12-06
hostname	eu-west-3-aws.mindef-nl.cloud	—	2024-12-06
hostname	eu-west-3-aws.msz-pl.cloud	—	2024-12-06
hostname	eu-west-3-aws.mzv-sk.cloud	—	2024-12-06
hostname	eu-west-3-aws.quirinale.cloud	—	2024-12-06
hostname	eu-west-3-aws.regeringskansliet-se.cloud	—	2024-12-06
hostname	eu-west-3-aws.s3-be.cloud	—	2024-12-06
hostname	eu-west-3-aws.s3-ua.cloud	—	2024-12-06
hostname	eu-west-3-aws.ua-mil.cloud	—	2024-12-06
hostname	eu-west-3.amazonsolutions.cloud	—	2024-12-06
hostname	eu-west-3.aws-ukraine.cloud	—	2024-12-06
hostname	eu-west-3.mil-be.cloud	—	2024-12-06
hostname	eu-west-3.mil-pl.cloud	—	2024-12-06
hostname	eu-west-3.minbuza.cloud	—	2024-12-06
hostname	eu-west-3.mindef-nl.cloud	—	2024-12-06
hostname	eu-west-3.msz-pl.cloud	—	2024-12-06
hostname	eu-west-3.mzv-sk.cloud	—	2024-12-06
hostname	eu-west-3.presidencia-pt.cloud	—	2024-12-06
hostname	eu-west-3.s3-be.cloud	—	2024-12-06
hostname	eu-west-3.s3-ua.cloud	—	2024-12-06
hostname	eu-west-3.ukrainesec.cloud	—	2024-12-06
hostname	eu-west-3.ukrtelecom.cloud	—	2024-12-06
hostname	us-east-1-aws.mfa-gov.cloud	—	2024-12-06
hostname	us-east-1-aws.s3-ua.cloud	—	2024-12-06
hostname	us-east-1-aws.ua-gov.cloud	—	2024-12-06
hostname	us-east-1-aws.ua-sec.cloud	—	2024-12-06
hostname	us-east-2-aws.gov-ua.cloud	—	2024-12-06
hostname	us-east-2-aws.ua-gov.cloud	—	2024-12-06
hostname	us-east-2-aws.ukrtelecom.cloud	—	2024-12-06
hostname	us-east-2.aws-ukraine.cloud	—	2024-12-06
hostname	us-east-2.gov-ua.cloud	—	2024-12-06
hostname	us-east-2.ua-sec.cloud	—	2024-12-06
hostname	us-east-2.ukrainesec.cloud	—	2024-12-06
hostname	us-east-console.aws-ukraine.cloud	—	2024-12-06
hostname	us-east-console.ua-energy.cloud	—	2024-12-06
hostname	us-west-1-amazon.ua-energy.cloud	—	2024-12-06
hostname	us-west-1-amazon.ua-mil.cloud	—	2024-12-06
hostname	us-west-1-amazon.ua-sec.cloud	—	2024-12-06
hostname	us-west-1-aws.gov-ua.cloud	—	2024-12-06
hostname	us-west-1.aws-ukraine.cloud	—	2024-12-06
hostname	us-west-1.ua-energy.cloud	—	2024-12-06
hostname	us-west-1.ua-gov.cloud	—	2024-12-06
hostname	us-west-1.ukrtelecom.cloud	—	2024-12-06
hostname	us-west-2-aws.mfa-gov.cloud	—	2024-12-06
hostname	us-west-2-aws.s3-ua.cloud	—	2024-12-06
hostname	us-west-2-aws.ua-energy.cloud	—	2024-12-06
hostname	us-west-2.gov-ua.cloud	—	2024-12-06
hostname	us-west-2.ua-energy.cloud	—	2024-12-06
hostname	us-west-2.ua-sec.cloud	—	2024-12-06

References (1)

↗ https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/