Tracking the Operators of the Newly Emerged BlueSky Ransomware
CloudSEK discovered a financially motivated ransomware group, dubbed BlueSky, speculated to be connected to the Conti ransomware group.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
BlueSky
Indicators of Compromise (11)