IOC Radar
Domain · Medium · Signal 77/100

ap-northeast-1-aws.s3-ua.cloud

First Seen: Nov 1, 2024 (596d ago)
Last Seen: Feb 12, 2026 (128d ago)
Reports: 4 source reports
Confidence: 77% (medium)
Found in 4 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
Type: Domain Name (malicious domain used for C2, phishing, or malware distribution)
MISP Category: Network Activity
Confidence: 77%
Signal Score: 77 / 100
IDS Rule: No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 29 techniques

Feed Intelligence Summary

4 source reports · 77% confidence score

Category tags: apt, apt29, attack, backdoor, botnet, command and control, cozy bear, credential access, credential harvesting, credential theft, data exfiltration, distributed attacks, indicator, malicious activity, malicious software, malware, midnight blizzard, network, phishing attack, process injection, rdp configuration file, remote access, remote desktop, remote services, researched, russia, social engineering, spear-phishing, t1021, t1021.001, t1027, t1055, t1059.001, t1071.001, t1076, t1078, t1083, t1105, t1110.002, t1115, t1133, t1176, t1189, t1192, t1199, t1204.002, t1486, t1496, t1499.002, t1499.003, t1562.001, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, threat actor, unc2452

Activity Timeline

1 total observation (Feb 12 to Feb 12)

Threat Activity Heatmap

Peak: 2026-02-12
[Calendar heatmap, Jun through the following Jun, rendered as an image; only the axis labels survived extraction]

Recent activity:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 77
Confidence: 77%
Reports: 4
First seen: Nov 1, 2024
Last seen: Feb 12, 2026

VirusTotal: Not checked

WHOIS

Description
On October 22, 2024, Microsoft identified a spear-phishing campaign in which Midnight Blizzard sent phishing emails to thousands of users in over 100 organizations. The emails were highly targeted, using social engineering lures relating to Microsoft, Amazon Web Services (AWS), and the concept of Zero Trust. The emails contained a Remote Desktop Protocol (RDP) configuration file signed with a LetsEncrypt certificate. RDP configuration (.RDP) files summarize automatic settings and resource mappings that are established when a successful connection to an RDP server occurs.


IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 4 threat reports