BlueSky Ransomware Infects KMSAuto Activator users
Tags
country: Russia
attack-pattern: Dns - T1071.004 Dns - T1590.002 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Social Media - T1593.001 Whois - T1596.002 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 98f35050-bad9-4ed4-97a7-1890d315137b
Fingerprint 915dc0d90b739202
Analysis status DONE
Considered CTI value 0
Text language
Published July 20, 2022, 8:33 p.m.
Added to db Dec. 21, 2022, 4:55 p.m.
Last updated Nov. 17, 2024, 5:55 p.m.
Headline BlueSky Ransomware Infects KMSAuto Activator users
Title BlueSky Ransomware Infects KMSAuto Activator users
Detected Hints/Tags/Attributes 28/2/11
Source URLs
Redirection Url
Details Source https://zerosecurity.org/2022/07/bluesky-ransomware-infects-kmsauto-activator-users/
URL Provider
Details Provider Source level domain
Details zerosecurity.org zerosecurity.org
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 505 Zerosecurity https://zerosecurity.org/feed/ 2024-08-31 10:08
Attributes
Details Type #Events CTI Value
Details CVE 19 
cve-2022-21882
Details CVE 63 
cve-2020-0796
Details Domain 4 
kmsauto.us
Details File 44 
javaw.exe
Details File 9 
2.ps1
Details File 19 
l.exe
Details Url 1 
http://kmsauto.us/someone/l.exe
Details Url 3 
https://kmsauto.us/v-mire
Details Url 2 
https://kmsauto.us/kriminal
Details Url 2 
https://kmsauto.us/religiya
Details Url 3 
https://kmsauto.us/ekonomika