BlueSky Ransomware: Fast Encryption via Multithreading
TLP: WHITE | Author: CyberHunter_NL | Created: 2022-08-11 | Modified: 2022-08-11 | 61 indicators
BlueSky ransomware is an emerging malware family that targets Windows hosts and demands a ransom for the decryption of data, according to research published by Palo Alto Networks (Unit 42), from which the indicators in this pulse are taken.
MITRE ATT&CK techniques: none listed in this pulse
Malware families: BlueSky, Conti
Indicators of Compromise (61)
TYPE  INDICATOR  DESCRIPTION  CREATED
URL https://kmsauto.us/someone/ghost.exe 2022-08-11
URL https://kmsauto.us/someone/potato.exe 2022-08-11
URL https://kmsauto.us/someone/spooler.exe 2022-08-11
domain kmsauto.us 2022-08-11
CVE CVE-2020-0796 Windows SMBv3 compression remote code execution (SMBGhost) 2022-08-11
CVE CVE-2021-1732 Windows Win32k elevation of privilege 2022-08-11
FileHash-MD5 01d66a03a0de2ee2eacacaa3ac98f0aa MD5 of 2280898cb29faf1785e782596d8029cb471537ec38352e5c17cc263f1f52b8ef 2022-08-11
FileHash-MD5 1c6733540b02c1681b21884dd67ce52f MD5 of c4e47cba1c5fedf9ba522bc2d2de54a482e0ac29c98358390af6dadc0a7d65ce 2022-08-11
FileHash-MD5 4032a356d0bb5dd476209a641a5e0275 MD5 of 6c94a1bc67af21cedb0bffac03019dbf870649a182e58cc5960969adf4fbdd48 2022-08-11
FileHash-MD5 5ef5cf7dd67af3650824cbc49ffa9999 MD5 of e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de364f 2022-08-11
FileHash-MD5 848974fba78de7f3f3a0bbec7dd502d4 MD5 of 840af927adbfdeb7070e1cf73ed195cf48c8d5f35b6de12f58b73898d7056d3d 2022-08-11
FileHash-MD5 b41896123586665144ccbba47660791d MD5 of 624f129189a05897c176e9feb519521c1b6ef528b0b52e1a7a3290e5a2313a6b 2022-08-11
FileHash-MD5 b48dea0c642487df2482ab8fa55bb923 MD5 of 0dfe7a93ff40834c072c7fdd9381771b1086b67f545fa83c766b2d67a911e47b 2022-08-11
FileHash-MD5 bf88467ccf7ebf8434fa074016bf7436 MD5 of cf64c08d97e6dfa5588c5fa016c25c4131ccc61b8deada7f9c8b2a41d8f5a32c 2022-08-11
FileHash-MD5 d38aea02881ff45b60e6b2c11cd44916 MD5 of aa7ff8badcffdff66df6d30bde51b6e3c960be0a3719b73d3875af8e1173bd94 2022-08-11
FileHash-MD5 d78ed5e9762a7ec07b49fa0f75f95199 MD5 of fe2e5df2fae90fb90b56e4ea268e8ca68f46dc3365c22b840d865193a48be189 2022-08-11
FileHash-MD5 d8a44d2ed34b5fee7c8e24d998f805d9 MD5 of 3e035f2d7d30869ce53171ef5a0f761bfb9c14d94d9fe6da385e20b8d96dc2fb 2022-08-11
FileHash-MD5 efec04688a493077cea9786243c25656 MD5 of c75748dc544629a8a5d08c0d8ba7fda3508a3efdaed905ad800ffddbc8d3b8df 2022-08-11
FileHash-SHA1 1bab1913533d5748e9cda388f55c446be6b770ff SHA1 of 2280898cb29faf1785e782596d8029cb471537ec38352e5c17cc263f1f52b8ef 2022-08-11
FileHash-SHA1 3e6e83b16cfb0428bc343a30a182d5b7ee01bdf9 SHA1 of 6c94a1bc67af21cedb0bffac03019dbf870649a182e58cc5960969adf4fbdd48 2022-08-11
FileHash-SHA1 429237548351288fac00e0909616b1518d5487b9 SHA1 of c75748dc544629a8a5d08c0d8ba7fda3508a3efdaed905ad800ffddbc8d3b8df 2022-08-11
FileHash-SHA1 50b00f687892a656319aefcecba535459e2d8a2d SHA1 of 0dfe7a93ff40834c072c7fdd9381771b1086b67f545fa83c766b2d67a911e47b 2022-08-11
FileHash-SHA1 515ee7413883e91b9122c46c78a579802b5f954f SHA1 of cf64c08d97e6dfa5588c5fa016c25c4131ccc61b8deada7f9c8b2a41d8f5a32c 2022-08-11
FileHash-SHA1 6b8e2243e57c1e9f4ccbdf6b945d26f63e26c635 SHA1 of fe2e5df2fae90fb90b56e4ea268e8ca68f46dc3365c22b840d865193a48be189 2022-08-11
FileHash-SHA1 720714032a7a8ee72f034ddbb0578b910e6c9885 SHA1 of e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de364f 2022-08-11
FileHash-SHA1 a306aa69d4ac0087c6dad1851c7f500710c829e3 SHA1 of 840af927adbfdeb7070e1cf73ed195cf48c8d5f35b6de12f58b73898d7056d3d 2022-08-11
FileHash-SHA1 ab4d6992c292931c297ca55d3d2ee34df64b7f7b SHA1 of aa7ff8badcffdff66df6d30bde51b6e3c960be0a3719b73d3875af8e1173bd94 2022-08-11
FileHash-SHA1 b213151ab3109c919e6015b5b27eb70a0ad3eebf SHA1 of 624f129189a05897c176e9feb519521c1b6ef528b0b52e1a7a3290e5a2313a6b 2022-08-11
FileHash-SHA1 d8369cb0d8ccec95b2a49ba34aa7749b60998661 SHA1 of 3e035f2d7d30869ce53171ef5a0f761bfb9c14d94d9fe6da385e20b8d96dc2fb 2022-08-11
FileHash-SHA1 efd9b2d0e40fa1db3a194e653aed9f2be0705252 SHA1 of c4e47cba1c5fedf9ba522bc2d2de54a482e0ac29c98358390af6dadc0a7d65ce 2022-08-11
FileHash-SHA256 08f491d46a9d05f1aebc83d724ca32c8063a2613250d50ce5b7e8ba469680605 2022-08-11
FileHash-SHA256 0dfe7a93ff40834c072c7fdd9381771b1086b67f545fa83c766b2d67a911e47b 2022-08-11
FileHash-SHA256 1a30e0d65a8a09abc3feb1c86a0619845fc6ab9bdba3ae8800ecec55a647910e 2022-08-11
FileHash-SHA256 2280898cb29faf1785e782596d8029cb471537ec38352e5c17cc263f1f52b8ef 2022-08-11
FileHash-SHA256 3e035f2d7d30869ce53171ef5a0f761bfb9c14d94d9fe6da385e20b8d96dc2fb 2022-08-11
FileHash-SHA256 4d696c106f568b99308565172116933c0e26ce2e9ace003a110e8bde0216ddab 2022-08-11
FileHash-SHA256 58db85f0c86640b4c3a2584e9ef5696c526190faf87eaa19085737685bc9e7f5 2022-08-11
FileHash-SHA256 624f129189a05897c176e9feb519521c1b6ef528b0b52e1a7a3290e5a2313a6b 2022-08-11
FileHash-SHA256 6c94a1bc67af21cedb0bffac03019dbf870649a182e58cc5960969adf4fbdd48 2022-08-11
FileHash-SHA256 840af927adbfdeb7070e1cf73ed195cf48c8d5f35b6de12f58b73898d7056d3d 2022-08-11
FileHash-SHA256 969a4a55bb5cabc96ff003467bd8468b3079f5c95c5823985416c019eb8abe2f 2022-08-11
FileHash-SHA256 9ca0e858ff6f163a128fb699d2b801b6b13a2eb1d6cd995302effa5f587cd8d8 2022-08-11
FileHash-SHA256 aa7ff8badcffdff66df6d30bde51b6e3c960be0a3719b73d3875af8e1173bd94 2022-08-11
FileHash-SHA256 aecfc82fa44790e0533f0bece0a1ab0860b163838646aa0c019187a37326d477 2022-08-11
FileHash-SHA256 b5b105751a2bf965a6b78eeff100fe4c75282ad6f37f98b9adcd15d8c64283ec 2022-08-11
FileHash-SHA256 be3e665d389e8b85ceda1e2fc80a41a247de27d1d0b13ee0c2574c1e36ebc6d4 2022-08-11
FileHash-SHA256 c4e47cba1c5fedf9ba522bc2d2de54a482e0ac29c98358390af6dadc0a7d65ce 2022-08-11
FileHash-SHA256 c75748dc544629a8a5d08c0d8ba7fda3508a3efdaed905ad800ffddbc8d3b8df 2022-08-11
FileHash-SHA256 cf64c08d97e6dfa5588c5fa016c25c4131ccc61b8deada7f9c8b2a41d8f5a32c 2022-08-11
FileHash-SHA256 e75717be1633b5e3602827dc3b5788ff691dd325b0eddd2d0d9ddcee29de364f 2022-08-11
FileHash-SHA256 fe2e5df2fae90fb90b56e4ea268e8ca68f46dc3365c22b840d865193a48be189 2022-08-11
URL http://ccpyeuptrlatb2piua4ukhnhi7lrxgerrcrj4p2b5uhbzqm2xgdjaqid.onion 2022-08-11
URL https://kmsauto.us/all.txt 2022-08-11
URL https://kmsauto.us/app1.bin 2022-08-11
URL https://kmsauto.us/encoding.txt 2022-08-11
URL https://kmsauto.us/server.txt 2022-08-11
URL https://kmsauto.us/someone/ 2022-08-11
URL https://kmsauto.us/someone/l.exe 2022-08-11
URL https://kmsauto.us/someone/start.ps1 2022-08-11
URL https://kmsauto.us/sti/sti.bin aa7ff8badcffdff66df6d30bde51b6e3c960be0a3719b73d3875af8e1173bd94 2022-08-11
domain ccpyeuptrlatb2piua4ukhnhi7lrxgerrcrj4p2b5uhbzqm2xgdjaqid.onion 2022-08-11
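The list above is only useful once it is turned into something a hunt can consume: a hash index that resolves an MD5 or SHA1 seen on a host to the SHA-256 of the same sample (the pulse links them via its "MD5 of <sha256>" descriptions), a set of hostnames for proxy and DNS matching, and a consistency check that every referenced SHA-256 is itself listed. The following script is an added example by the editor, not code from the pulse author or from Unit 42. The PULSE_LINES text is a subset of rows copied from the table above; the OBSERVED hash list is constructed sample input, not an indicator from the pulse.

```python
import re
from urllib.parse import urlparse

# Rows copied from the pulse above (a subset), in its "TYPE INDICATOR [DESCRIPTION] CREATED" layout.
PULSE_LINES = """\
URL https://kmsauto.us/someone/ghost.exe 2022-08-11
domain kmsauto.us 2022-08-11
CVE CVE-2020-0796 2022-08-11
FileHash-MD5 01d66a03a0de2ee2eacacaa3ac98f0aa MD5 of 2280898cb29faf1785e782596d8029cb471537ec38352e5c17cc263f1f52b8ef 2022-08-11
FileHash-MD5 b41896123586665144ccbba47660791d MD5 of 624f129189a05897c176e9feb519521c1b6ef528b0b52e1a7a3290e5a2313a6b MD5 of 624f129189a05897c176e9feb519521c1b6ef528b0b52e1a7a3290e5a2313a6b 2022-08-11
FileHash-SHA1 1bab1913533d5748e9cda388f55c446be6b770ff SHA1 of 2280898cb29faf1785e782596d8029cb471537ec38352e5c17cc263f1f52b8ef 2022-08-11
FileHash-SHA256 2280898cb29faf1785e782596d8029cb471537ec38352e5c17cc263f1f52b8ef 2022-08-11
FileHash-SHA256 624f129189a05897c176e9feb519521c1b6ef528b0b52e1a7a3290e5a2313a6b 2022-08-11
FileHash-SHA256 08f491d46a9d05f1aebc83d724ca32c8063a2613250d50ce5b7e8ba469680605 2022-08-11
URL https://kmsauto.us/sti/sti.bin aa7ff8badcffdff66df6d30bde51b6e3c960be0a3719b73d3875af8e1173bd94 2022-08-11
URL http://ccpyeuptrlatb2piua4ukhnhi7lrxgerrcrj4p2b5uhbzqm2xgdjaqid.onion 2022-08-11
"""

HEX_LEN = {"FileHash-MD5": 32, "FileHash-SHA1": 40, "FileHash-SHA256": 64}
DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")
PARENT_RE = re.compile(r"\b(?:MD5|SHA1) of ([0-9a-f]{64})\b")


def parse_pulse(text):
    """Parse 'TYPE INDICATOR [DESCRIPTION] CREATED' rows into dicts.

    The description is whatever sits between the indicator and the date. The
    pulse sometimes repeats it ("MD5 of X MD5 of X"), so only the first
    "... of <sha256>" clause is kept and recorded as parent_sha256.
    """
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or not DATE_RE.match(parts[-1]):
            continue  # not an indicator row (header, blank, widget text)
        ioc_type, indicator, created = parts[0], parts[1], parts[-1]
        if ioc_type in HEX_LEN or ioc_type == "domain":
            indicator = indicator.lower()  # hashes and hostnames are case-insensitive; URLs are not
        if ioc_type in HEX_LEN and not re.fullmatch(rf"[0-9a-f]{{{HEX_LEN[ioc_type]}}}", indicator):
            raise ValueError(f"{ioc_type} indicator has the wrong length: {indicator}")
        description = " ".join(parts[2:-1])
        m = PARENT_RE.search(description)
        parent = m.group(1) if m else None
        if m:
            description = m.group(0)  # collapse the duplicated clause
        records.append({"type": ioc_type, "indicator": indicator, "description": description,
                        "created": created, "parent_sha256": parent})
    return records


def build_hash_index(records):
    """Map every listed hash (MD5, SHA1 or SHA-256) to the SHA-256 of the same sample."""
    index = {}
    for r in records:
        if r["type"] == "FileHash-SHA256":
            index[r["indicator"]] = r["indicator"]
        elif r["type"] in HEX_LEN and r["parent_sha256"]:
            index[r["indicator"]] = r["parent_sha256"]
    return index


def dangling_references(records):
    """MD5/SHA1 rows whose 'of <sha256>' target is not itself a listed SHA-256 indicator."""
    sha256s = {r["indicator"] for r in records if r["type"] == "FileHash-SHA256"}
    return sorted(r["indicator"] for r in records
                  if r["parent_sha256"] and r["parent_sha256"] not in sha256s)


def network_hosts(records):
    """Hostnames for DNS/proxy hunting: explicit 'domain' rows plus the host part of every URL."""
    hosts = set()
    for r in records:
        if r["type"] == "domain":
            hosts.add(r["indicator"])
        elif r["type"] == "URL":
            host = urlparse(r["indicator"]).hostname
            if host:
                hosts.add(host.lower())
    return hosts


def match_observed(index, observed_hashes):
    """Return {observed_hash: sha256} for every observed hash (any algorithm, any case) in the index."""
    return {h.lower(): index[h.lower()] for h in observed_hashes if h.lower() in index}


# Constructed sample: one MD5 taken from a host inventory that hits the pulse, one clean file (MD5 of empty input).
OBSERVED = ["B41896123586665144CCBBA47660791D", "d41d8cd98f00b204e9800998ecf8427e"]

if __name__ == "__main__":
    recs = parse_pulse(PULSE_LINES)
    idx = build_hash_index(recs)
    print("hits:", match_observed(idx, OBSERVED))
    print("hosts:", sorted(network_hosts(recs)))
    print("dangling:", dangling_references(recs))
```

Run against the full table, dangling_references returns an empty list: all twelve MD5/SHA1 rows point at a SHA-256 that is also listed, while nine SHA-256 rows (for example 08f491d4...) have no MD5 or SHA1 counterpart, so an inventory that only records MD5 cannot cover them.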