*.rdp files in Outlook temp folders

Neo23x0 · Neo23x0 · commit b09da86d548f · 2024-10-31T07:47:03.000+01:00
diff --git a/iocs/filename-iocs.txt b/iocs/filename-iocs.txt
@@ -4419,4 +4419,7 @@ C:\\perflogs\\RunSchedulerTaskOnce\.ps1;85
 /tmp/.xdiag/tordata/cached-microdesc-consensus.tmp;85
 /tmp/.xdiag/tordata/state.tmp;85
 
-# End
+# *.rdp files in Outlook temporary folders https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/
+\\AppData\\Local\\Microsoft\\Windows\\(INetCache|Temporary Internet Files)\\Content\.Outlook\\\\[A-Z0-9]{8}\\[^\\]{1,255}\.rdp$
+
+# End
