{ "type": "URL", "indicator": "https://kmsauto.us/all.txt", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://kmsauto.us/all.txt", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3533327946, "indicator": "https://kmsauto.us/all.txt", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "62f4e3f678f5f9f311fb1a67", "name": "BlueSky Ransomware: Fast Encryption via Multithreading", "description": "BlueSky ransomware is an emerging family of malware that targets Windows hosts and demands a ransom for the decryption of data, according to research conducted by Palo Alto Networks and carried out a security analysis.", "modified": "2022-08-11T11:11:49.785000", "created": "2022-08-11T11:11:49.785000", "tags": [ "BlueSky", "Ransomware", "RedLine" ], "references": [ "https://unit42.paloaltonetworks.com/bluesky-ransomware/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "BlueSky", "display_name": "BlueSky", "target": null }, { "id": "Conti", "display_name": "Conti", "target": null }, { "id": "RedLine Stealer", "display_name": "RedLine Stealer", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 497, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 12, "domain": 2, "CVE": 2, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 21 }, "indicator_count": 61, "is_author": false, "is_subscribing": null, "subscriber_count": 386914, "modified_text": "1391 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62f4a8901f2dd10d5c543a2e", "name": "BlueSky Ransomware: Fast Encryption via Multithreading", "description": "BlueSky ransomware is an emerging family of malware that targets Windows hosts and demands a ransom for the decryption of data, according to research conducted by Palo Alto Networks and carried out a security analysis.", "modified": "2022-08-11T06:58:24.273000", "created": "2022-08-11T06:58:24.273000", "tags": [ "bluesky", "conti", "figure", "unit", "decrypt files", "hkcusoftware", "curve25519", "recovery blob", "ransomware", "windows", "conti v3", "wildfire", "juicypotato", "dropper", "powershell", "redline", "downloader", "code" ], "references": [ "https://unit42.paloaltonetworks.com/bluesky-ransomware/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "BlueSky", "display_name": "BlueSky", "target": null }, { "id": "Conti", "display_name": "Conti", "target": null } ], "attack_ids": [ { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 12, "domain": 2, "CVE": 2, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 21 }, "indicator_count": 61, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "1391 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62f40e93df1f7100d1279380", "name": "The Lifecycle of a Malicious Attack | Zscaler", "description": "Researchers at Palo Alto Networks have identified and identified the BlueSky ransomware, a family of malware that targets Windows hosts and demands a ransom for the decryption of data. \u00c2\u00a31m.", "modified": "2022-08-10T20:01:23.162000", "created": "2022-08-10T20:01:23.162000", "tags": [ "bluesky", "conti", "figure", "unit", "decrypt files", "hkcusoftware", "curve25519", "recovery blob", "ransomware", "windows", "conti v3", "wildfire", "juicypotato", "dropper", "powershell", "redline", "downloader", "code", "zscaler zero trust exchange", "zpa", "zia", "zero trust exchange", "alex", "sandbox", "threatlabz", "zscaler cloud", "a2z health", "frying pan", "access", "zero trust", "zscaler", "mitre att", "lockbit" ], "references": [ "https://unit42.paloaltonetworks.com/bluesky-ransomware/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "BlueSky", "display_name": "BlueSky", "target": null }, { "id": "Conti", "display_name": "Conti", "target": null } ], "attack_ids": [ { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "eric.ford", "id": "42510", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_42510/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 12, "domain": 2, "CVE": 2, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 21 }, "indicator_count": 61, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "1391 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://unit42.paloaltonetworks.com/bluesky-ransomware/" ], "related": { "alienvault": { "adversary": [], "malware_families": [ "Conti", "Bluesky", "Redline stealer" ], "industries": [], "unique_indicators": 61 }, "other": { "adversary": [], "malware_families": [ "Conti", "Bluesky" ], "industries": [], "unique_indicators": 61 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/kmsauto.us", "whois": "http://whois.domaintools.com/kmsauto.us", "domain": "kmsauto.us", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "62f4e3f678f5f9f311fb1a67", "name": "BlueSky Ransomware: Fast Encryption via Multithreading", "description": "BlueSky ransomware is an emerging family of malware that targets Windows hosts and demands a ransom for the decryption of data, according to research conducted by Palo Alto Networks and carried out a security analysis.", "modified": "2022-08-11T11:11:49.785000", "created": "2022-08-11T11:11:49.785000", "tags": [ "BlueSky", "Ransomware", "RedLine" ], "references": [ "https://unit42.paloaltonetworks.com/bluesky-ransomware/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "BlueSky", "display_name": "BlueSky", "target": null }, { "id": "Conti", "display_name": "Conti", "target": null }, { "id": "RedLine Stealer", "display_name": "RedLine Stealer", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 497, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 12, "domain": 2, "CVE": 2, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 21 }, "indicator_count": 61, "is_author": false, "is_subscribing": null, "subscriber_count": 386914, "modified_text": "1391 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62f4a8901f2dd10d5c543a2e", "name": "BlueSky Ransomware: Fast Encryption via Multithreading", "description": "BlueSky ransomware is an emerging family of malware that targets Windows hosts and demands a ransom for the decryption of data, according to research conducted by Palo Alto Networks and carried out a security analysis.", "modified": "2022-08-11T06:58:24.273000", "created": "2022-08-11T06:58:24.273000", "tags": [ "bluesky", "conti", "figure", "unit", "decrypt files", "hkcusoftware", "curve25519", "recovery blob", "ransomware", "windows", "conti v3", "wildfire", "juicypotato", "dropper", "powershell", "redline", "downloader", "code" ], "references": [ "https://unit42.paloaltonetworks.com/bluesky-ransomware/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "BlueSky", "display_name": "BlueSky", "target": null }, { "id": "Conti", "display_name": "Conti", "target": null } ], "attack_ids": [ { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 12, "domain": 2, "CVE": 2, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 21 }, "indicator_count": 61, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "1391 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62f40e93df1f7100d1279380", "name": "The Lifecycle of a Malicious Attack | Zscaler", "description": "Researchers at Palo Alto Networks have identified and identified the BlueSky ransomware, a family of malware that targets Windows hosts and demands a ransom for the decryption of data. \u00c2\u00a31m.", "modified": "2022-08-10T20:01:23.162000", "created": "2022-08-10T20:01:23.162000", "tags": [ "bluesky", "conti", "figure", "unit", "decrypt files", "hkcusoftware", "curve25519", "recovery blob", "ransomware", "windows", "conti v3", "wildfire", "juicypotato", "dropper", "powershell", "redline", "downloader", "code", "zscaler zero trust exchange", "zpa", "zia", "zero trust exchange", "alex", "sandbox", "threatlabz", "zscaler cloud", "a2z health", "frying pan", "access", "zero trust", "zscaler", "mitre att", "lockbit" ], "references": [ "https://unit42.paloaltonetworks.com/bluesky-ransomware/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "BlueSky", "display_name": "BlueSky", "target": null }, { "id": "Conti", "display_name": "Conti", "target": null } ], "attack_ids": [ { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "eric.ford", "id": "42510", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_42510/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 12, "domain": 2, "CVE": 2, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 21 }, "indicator_count": 61, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "1391 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://kmsauto.us/all.txt", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://kmsauto.us/all.txt", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780414290.6549459 }