{ "type": "URL", "indicator": "https://avz.rocketcargo.com.br", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://avz.rocketcargo.com.br", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4141502678, "indicator": "https://avz.rocketcargo.com.br", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "68f6048ea00a21828fc318f2", "name": "Phishing Attack Leverages Azure Blob Storage to Impersonate Microsoft", "description": "The attack typically begins with emails featuring varied subject lines and message bodies, all containing links to Azure Blob Storage endpoints. These links often resemble routine Microsoft Forms or document sharing URLs, luring recipients into clicking. Once clicked, users are redirected to a fake login page hosted on a subdomain of blob.core.windows.net, where their credentials are harvested.\n\nhttps://cybersecuritynews.com/phishing-attack-leverages-azure-blob-storage/", "modified": "2025-10-20T09:44:46.123000", "created": "2025-10-20T09:44:46.123000", "tags": [ "phishing", "microsoft", "azure", "azure-blob", "phishing-attack" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United Kingdom of Great Britain and Northern Ireland" ], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "FS13JKMK", "id": "312129", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_312129/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 14, "domain": 1, "URL": 21 }, "indicator_count": 36, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "224 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [ "Government" ], "unique_indicators": 36 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/rocketcargo.com.br", "whois": "http://whois.domaintools.com/rocketcargo.com.br", "domain": "rocketcargo.com.br", "hostname": "avz.rocketcargo.com.br" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "68f6048ea00a21828fc318f2", "name": "Phishing Attack Leverages Azure Blob Storage to Impersonate Microsoft", "description": "The attack typically begins with emails featuring varied subject lines and message bodies, all containing links to Azure Blob Storage endpoints. These links often resemble routine Microsoft Forms or document sharing URLs, luring recipients into clicking. Once clicked, users are redirected to a fake login page hosted on a subdomain of blob.core.windows.net, where their credentials are harvested.\n\nhttps://cybersecuritynews.com/phishing-attack-leverages-azure-blob-storage/", "modified": "2025-10-20T09:44:46.123000", "created": "2025-10-20T09:44:46.123000", "tags": [ "phishing", "microsoft", "azure", "azure-blob", "phishing-attack" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United Kingdom of Great Britain and Northern Ireland" ], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "FS13JKMK", "id": "312129", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_312129/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 14, "domain": 1, "URL": 21 }, "indicator_count": 36, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "224 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://avz.rocketcargo.com.br", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://avz.rocketcargo.com.br", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780315461.904589 }