*.rdp files in Outlook temp folders

Neo23x0 · Oct 31, 2024 · b09da86 · b09da86
1 parent d31123f
commit b09da86
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/iocs/filename-iocs.txt b/iocs/filename-iocs.txt
@@ -4419,4 +4419,7 @@ C:\\perflogs\\RunSchedulerTaskOnce\.ps1;85
 /tmp/.xdiag/tordata/cached-microdesc-consensus.tmp;85
 /tmp/.xdiag/tordata/state.tmp;85
 
-# End
+# *.rdp files in Outlook temporary folders https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/
+\\AppData\\Local\\Microsoft\\Windows\\(INetCache|Temporary Internet Files)\\Content\.Outlook\\\\[A-Z0-9]{8}\\[^\\]{1,255}\.rdp$
+
+# End