BlueSky Ransomware Detection: Targets Windows Hosts and Leverages Multithreading for Faster Encryption - SOC Prime
Common Information
Type Value
UUID cca5b841-0c7c-4b9d-8f53-b7f927c13633
Fingerprint a7f5404f73b7e71e
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 16, 2022, 7:19 a.m.
Added to db Sept. 11, 2022, 12:45 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline BlueSky Ransomware Detection: Targets Windows Hosts and Leverages Multithreading for Faster Encryption
Title BlueSky Ransomware Detection: Targets Windows Hosts and Leverages Multithreading for Faster Encryption - SOC Prime
Detected Hints/Tags/Attributes 46/4/8
RSS Feed
Id Enabled Feed title Url Added to db
237 SOC Prime https://socprime.com/feed/ 2024-08-30 22:08
Attributes
Type #Events CTI Value
CVE 63
cve-2020-0796
CVE 45
cve-2021-1732
Domain 4
kmsauto.us
File 3
start.ps1
File 44
javaw.exe
MITRE ATT&CK Techniques 207
T1547
MITRE ATT&CK Techniques 550
T1112
Url 2
https://kmsauto.us/someone/start.ps1