Phishing Analysis

🔬 Threat Analysis Report

• Amenaza: Phishing de credenciales
• Objetivo: Empleados/Usuarios de BlueNord
• Método: Suplantación de identidad a través de formulario de inicio de sesión
• Exfil: Credenciales robadas
• Indicadores: Dominio no coincidente, formulario de inicio de sesión
• Riesgo: ALTO

🎯 Kit Endpoints

• https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000001-0000-cff1-ce00-179926144887&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d98292e6-fa3f-ce32-3226-21bc5137cc6d&protectedtoken=true&domain_hint=bluenord.com&nonce=627893897796.ec82d3ed-b372-7cd6-3e42-fcfc13352e79&state=bmV0ZS5iZW5uaWtlQGJsdWVub3JkLmNvbQ#
• https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000001-0000-cff1-ce00-738662530229&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d98292e6-fa3f-ce32-8018-21bc5137cc6d&protectedtoken=true&domain_hint=bluenord.com&nonce=925951997938.ec82d3ed-b372-7cd6-3e42-fcfc13352e79&state=bmV0ZS5iZW5uaWtlQGJsdWVub3JkLmNvbQ#
• https://passwordreset.microsoftonline.com/?ru=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000001-0000-cff1-ce00-647488289263&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d98292e6-fa3f-ce32-4303-21bc5137cc6d&protectedtoken=true&domain_hint=bluenord.com&nonce=892673568462.ec82d3ed-b372-7cd6-3e42-fcfc13352e79&state=bmV0ZS5iZW5uaWtlQGJsdWVub3JkLmNvbQ#
• https://login.microsoftonline.com/common/login#

Domain Information