Pulse Detail — Threat Intelligence

PULSE NAME

Phishing Attack Leverages Azure Blob Storage to Impersonate Microsoft

WHITE FS13JKMK 2025-10-20 Modified: 2025-10-20

IOCs

MEDIUM VOLUME

The attack typically begins with emails featuring varied subject lines and message bodies, all containing links to Azure Blob Storage endpoints. These links often resemble routine Microsoft Forms or document sharing URLs, luring recipients into clicking. Once clicked, users are redirected to a fake login page hosted on a subdomain of blob.core.windows.net, where their credentials are harvested. https://cybersecuritynews.com/phishing-attack-leverages-azure-blob-storage/

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1566

Indicators of Compromise (36)

All hostname domain URL

TYPE	INDICATOR	DESCRIPTION	CREATED
hostname	anb.lumomn.shop	—	2025-10-20
hostname	byt.orboli.online	—	2025-10-20
hostname	hbp.fluxiv.life	—	2025-10-20
hostname	iih.thesparklebar.com	—	2025-10-20
hostname	lc.rocketcargo.com.br	—	2025-10-20
hostname	mpa.horiz.live	—	2025-10-20
hostname	pni.savuse.sbs	—	2025-10-20
hostname	pv.orthoplay.com.mx	—	2025-10-20
domain	rocketcargo.com.br	—	2025-10-20
hostname	avz.rocketcargo.com.br	—	2025-10-20
hostname	bp.rocketcargo.com.br	—	2025-10-20
hostname	bui.rocketcargo.com.br	—	2025-10-20
hostname	kert.rocketcargo.com.br	—	2025-10-20
hostname	mhd.rocketcargo.com.br	—	2025-10-20
hostname	vx.rocketcargo.com.br	—	2025-10-20
URL	http://asn.rocketcargo.com.br	—	2025-10-20
URL	http://avz.rocketcargo.com.br	—	2025-10-20
URL	http://bp.rocketcargo.com.br	—	2025-10-20
URL	http://bui.rocketcargo.com.br/	—	2025-10-20
URL	http://fg5.imj.rocketcargo.com.br/	—	2025-10-20
URL	http://fg7.it.rocketcargo.com.br/	—	2025-10-20
URL	http://iv.rocketcargo.com.br/	—	2025-10-20
URL	http://kert.rocketcargo.com.br/	—	2025-10-20
URL	http://lc.rocketcargo.com.br/	—	2025-10-20
URL	http://lf.bu.rocketcargo.com.br/	—	2025-10-20
URL	http://mhd.rocketcargo.com.br	—	2025-10-20
URL	https://asn.rocketcargo.com.br	—	2025-10-20
URL	https://asn.rocketcargo.com.br/	—	2025-10-20
URL	https://avz.rocketcargo.com.br	—	2025-10-20
URL	https://bp.rocketcargo.com.br	—	2025-10-20
URL	https://bui.rocketcargo.com.br/	—	2025-10-20
URL	https://izh.rocketcargo.com.br/	—	2025-10-20
URL	https://mhd.rocketcargo.com.br	—	2025-10-20
URL	https://nswjdhejdbhej.blob.core.windows.net/swnbvswjvs/njghvffcgvbh.html	https://urlscan.io/result/019a00ee-6136-75df-9734-a645131b6d6a/#summary	2025-10-20
URL	https://nsbwhjhdejkqjsw.blob.core.windows.net/snwjsbjhabhjzvh/bjhnaqjbdje.html	https://urlscan.io/result/019a00ef-c293-7768-aa6c-654584e587df/#summary	2025-10-20
URL	https://zsxdcfvgbhjhbh.blob.core.windows.net/dbhjebwjsbsjw/jbhdfcgvhbjn.html	https://urlscan.io/result/019a00f3-3e01-74cf-8813-5c2421f15057/#summary	2025-10-20