Threat Advisory
Common Information
Type Value
UUID 0edde5d6-8408-4026-9fbc-ce381ea42bcb
Fingerprint 0c3473bccc60d433bda1b44054e84ffcbcb75001f3defd9b81853fc59ab1d8a7
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 6, 2023, 5:21 p.m.
Added to db Feb. 7, 2024, 7:38 p.m.
Last updated Aug. 31, 2024, 2:35 a.m.
Headline Threat Advisory
Title Threat Advisory
Detected Hints/Tags/Attributes 77/2/56
Attributes
Type                      #Events  Value
CVE                       140      cve-2023-27350
Domain                    2        qlqd5zqefmkcr34a.onion.sh
Domain                    8        asq.d6shiiwz.pw
Domain                    6        asd.s7610rir.pw
Domain                    8        asq.r77vh0.pw
Domain                    74       thedfirreport.com
Domain                    435      www.hivepro.com
Domain                    13       www.papercut.com
File                      87       java.exe
File                      6        del.ps1
File                      5        checking.ps1
File                      5        invoke-powerdump.ps1
md5                       2        9e88c287eb376f3c319a5cb13f980d36
md5                       2        7b68bc3dd393c2e5273f180e361f178a
md5                       3        0c0195c48b6b8582fa6f6373032118da
md5                       2        bfd36fd6a20ccd39f5c3bb64a5c5dd8b
md5                       2        08bdf000031bbad1a836381f73adace5
md5                       2        42a80cc2333b612b63a859f17474c9af
sha1                      2        501af977080d56a55ff0aeba66b58e7f3d1404ea
sha1                      2        07610f11d3b8ccb7b60cc8ad033dda6c7d3940c4
sha1                      2        d25340ae8e92a6d29f599fef426a2bc1b5217299
sha1                      2        e938646862477e598fcda20d0b7551863f8b651c
sha1                      2        3dff4ae3c421c9143978f8fc9499dca4aed0eac5
sha1                      2        e7be97fb2200eb99805e39513304739a7a28b17e
IPv4                      2        5.188.86.237
IPv4                      5        83.97.20.81
MITRE ATT&CK Techniques   306      T1078
MITRE ATT&CK Techniques   333      T1059.003
MITRE ATT&CK Techniques   460      T1059.001
MITRE ATT&CK Techniques   174      T1569.002
MITRE ATT&CK Techniques   275      T1053.005
MITRE ATT&CK Techniques   180      T1543.003
MITRE ATT&CK Techniques   440      T1055
MITRE ATT&CK Techniques   298      T1562.001
MITRE ATT&CK Techniques   550      T1112
MITRE ATT&CK Techniques   627      T1027
MITRE ATT&CK Techniques   57       T1036.004
MITRE ATT&CK Techniques   125      T1110
MITRE ATT&CK Techniques   173      T1003.001
MITRE ATT&CK Techniques   230      T1033
MITRE ATT&CK Techniques   176      T1135
MITRE ATT&CK Techniques   139      T1021.002
MITRE ATT&CK Techniques   442      T1071.001
MITRE ATT&CK Techniques   472      T1486
Url                       2        http://qlqd5zqefmkcr34a.onion.sh/win/checking.hta
Url                       3        https://asq.d6shiiwz.pw/win/hssl/d6.hta
Url                       2        http://83.97.20.81/win/checking.hta
Url                       2        http://83.97.20.81/win/update.hta
Url                       2        https://asd.s7610rir.pw/win/checking.hta
Url                       4        https://asq.r77vh0.pw/win/hssl/r7.hta
Url                       4        http://asq.r77vh0.pw/win/checking.hta
Url                       2        http://5.188.86.237/vmware.exe
Url                       1        https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware
Url                       1        https://www.hivepro.com/threat-advisory/bluesky-ransomware-incorporates-multithreading-to-
Url                       1        https://www.hivepro.com/threat-advisory/critical-papercut-security-vulnerabilities-actively-
Url                       6        https://www.papercut.com/kb/main/po-1216-and-po-1219