BlueSky Ransomware Blue Team Lab
Tags
cmtmf-attack-pattern: Process Injection
attack-pattern: Data Build Image On Host - T1612 Credentials - T1589.001 Malicious File - T1204.002 Powershell - T1059.001 Process Injection - T1631 Server - T1583.004 Server - T1584.004 Powershell - T1086 Process Injection - T1055
Show in Graph
Common Information
Type Value
UUID e697bea0-c63e-4643-8587-b32c8844b940
Fingerprint 35277113dcb785c5
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 23, 2024, 6:14 p.m.
Added to db Nov. 23, 2024, 7:18 p.m.
Last updated Dec. 21, 2024, 8:05 a.m.
Headline BlueSky Ransomware Blue Team Lab
Title BlueSky Ransomware Blue Team Lab
Detected Hints/Tags/Attributes 45/2/13
Source URLs
Redirection Url
Details Source https://medium.com/@abdelrahman0x1/bluesky-ransomware-blue-team-lab-1acfb50f4a10?source=rss------cybersecurity-5
URL Provider
Details Provider Source level domain
Details medium.com medium.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 55 
cyberdefenders.org
Details Domain 6 
tcp.stream
Details File 1 
7login.pas
Details File 224 
winlogon.exe
Details File 7 
checking.ps1
Details File 8 
del.ps1
Details File 7 
invoke-powerdump.ps1
Details File 24 
hashes.txt
Details File 4 
extracted_hosts.txt
Details IPv4 3 
87.96.21.81
Details IPv4 4 
87.96.21.84
Details Url 4 
http://87.96.21.84/checking.ps1
Details Url 4 
http://87.96.21.84/del.ps1