BlueSky Ransomware | AD Lateral Movement, Evasion and Fast Encryption Put Threat on the Radar
Common Information
Type | Value
UUID | 608faf55-9c0e-4147-916f-c022d18406ea
Fingerprint | a776a0592354eec9
Analysis status | DONE
Considered CTI value | 2
Text language |
Published | Aug. 25, 2022, midnight
Added to db | June 1, 2023, 11:05 a.m.
Last updated | Nov. 17, 2024, 10:43 p.m.
Headline | BlueSky Ransomware | AD Lateral Movement, Evasion and Fast Encryption Put Threat on the Radar
Title | BlueSky Ransomware | AD Lateral Movement, Evasion and Fast Encryption Put Threat on the Radar
Detected Hints/Tags/Attributes | 84/3/62
Attributes
Type | #Events | Value | CTI Value
CVE | 19 | cve-2022-21882 |
CVE | 63 | cve-2020-0796 |
CVE | 45 | cve-2021-1732 |
Domain | 538 | pic.twitter.com |
Domain | 4 | kmsauto.us |
Domain | 2 | ccpyeuptrlatb2piua4ukhnhi7lrxgerrcrj4p2b5uhbzqm2xgdjaqid.onion |
File | 19 | l.exe |
File | 1 | potato.exe |
File | 4 | spooler.exe |
File | 1 | off.bin |
File | 3 | ghost.exe |
File | 6 | i.exe |
File | 1 | sti.bin |
File | 3 | start.ps1 |
File | 1 | stage.ps1 |
File | 1 | %appdata%\microsoft\windows\start menu\programs\startup\javaw.exe |
sha1 | 2 | d8369cb0d8ccec95b2a49ba34aa7749b60998661 |
sha1 | 1 | a306aa69d4ac0087c6dad1851c7f500710c829e3 |
sha1 | 1 | 720714032a7a8ee72f034ddbb0578b910e6c9885 |
sha1 | 1 | 1bab1913533d5748e9cda388f55c446be6b770ff |
sha1 | 1 | 71e3cc4a53a9cf4cb5e5c3998afe891cd78c09aa |
sha1 | 1 | 429237548351288fac00e0909616b1518d5487b9 |
sha1 | 1 | 9fc631bdd0d05d750e343c802e132b56e5121243 |
sha1 | 2 | 59e756e0da6a82a0f9046a3538d507c75eb95252 |
sha1 | 1 | a9233cb65ab53a08a4cce24a134c5b9296672a32 |
sha256 | 2 | 3e035f2d7d30869ce53171ef5a0f761bfb9c14d94d9fe6da385e20b8d96dc2fb |
sha256 | 1 | 840af927adbfdeb7070e1cf73ed195cf48c8d5f35b6de12f58b73898d7056d3d |
sha256 | 1 | e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de364f |
sha256 | 1 | 2280898cb29faf1785e782596d8029cb471537ec38352e5c17cc263f1f52b8ef |
sha256 | 1 | d6386b2747335f7b0d13b1f69d995944ad8e9b71e09b036dbc0b907e583d857a |
sha256 | 1 | c75748dc544629a8a5d08c0d8ba7fda3508a3efdaed905ad800ffddbc8d3b8df |
sha256 | 1 | c3d5248230230e33565c04019801892174a6e5d8f688d61002e369b0b9e441ff |
sha256 | 5 | b5b105751a2bf965a6b78eeff100fe4c75282ad6f37f98b9adcd15d8c64283ec |
sha256 | 1 | dcdba086e6d0cd3067d3998bb624be16c805b2cde76a451c0ceaf30d66ba7349 |
IPv4 | 2 | 80.66.75.88 |
MITRE ATT&CK Techniques | 89 | T1552.001 |
MITRE ATT&CK Techniques | 119 | T1049 |
MITRE ATT&CK Techniques | 13 | T1422 |
MITRE ATT&CK Techniques | 585 | T1083 |
MITRE ATT&CK Techniques | 501 | T1012 |
MITRE ATT&CK Techniques | 1006 | T1082 |
MITRE ATT&CK Techniques | 111 | T1119 |
MITRE ATT&CK Techniques | 534 | T1005 |
MITRE ATT&CK Techniques | 472 | T1486 |
MITRE ATT&CK Techniques | 176 | T1135 |
MITRE ATT&CK Techniques | 139 | T1021.002 |
MITRE ATT&CK Techniques | 7 | T0809 |
Url | 1 | http://kmsauto.us/alguien/l.exe |
Url | 1 | http://kmsauto.us/alguien/potato.exe |
Url | 1 | http://kmsauto.us/alguien/spooler.exe |
Url | 1 | http://kmsauto.us/off/off.bin |
Url | 1 | http://kmsauto.us/someone/ghost.exe |
Url | 1 | http://kmsauto.us/someone/i.exe |
Url | 1 | http://kmsauto.us/someone/potato.exe |
Url | 1 | http://kmsauto.us/sti/sti.bin |
Url | 1 | https://kmsauto.us/alguien/l.exe |
Url | 1 | https://kmsauto.us/alguien/spooler.exe |
Url | 3 | https://kmsauto.us/ekonomika |
Url | 2 | https://kmsauto.us/someone/l.exe |
Url | 1 | https://kmsauto.us/someone/potato.exe |
Url | 2 | https://kmsauto.us/someone/start.ps1 |
Url | 3 | https://kmsauto.us/v-mire |