{
  "name": "Bluekit Phishing as a Service (PhaaS)",
  "slug": "bluekit-phishing-as-a-service-phaas",
  "description": "BlueKit operates as a mature commercial Phishing-as-a-Service platform offering 87 ready-made phishing kits targeting banks, cloud services, cryptocurrency exchanges, and global brands. The platform features subscription-based access, automated account takeover capabilities, peer-to-peer infrastructure for stealth, and integrated anti-detection tooling. BlueKit supports credential harvesting, session hijacking, and automated post-compromise workflows including password resets and passkey enrollment. The platform includes bulk SMS phishing capabilities, Telegram notifications, hardware wallet seed phrase harvesting, and integration with anti-detect browsers. Operating through Tor and clearnet domains with cryptocurrency payments, BlueKit employs a reseller model enabling white-label redistribution. The platform significantly lowers technical barriers for cybercriminals while providing enterprise-grade phishing infrastructure, posing critical threats to financial institutions, cloud environments, and cryptoc...",
  "published": "2026-06-16T23:44:00.424000+00:00",
  "created_at": "2026-06-17T08:20:44.149000+00:00",
  "modified_at": "2026-06-17T06:20:44+00:00",
  "created_at_opencti": "2026-06-17T08:20:44.149000+00:00",
  "author": "AlienVault",
  "confidence": 100,
  "report_types": [
    "threat-report"
  ],
  "labels": [
    "account-takeover",
    "anti-detection",
    "automated-workflows",
    "credential-harvesting",
    "cryptocurrency-theft",
    "peer-to-peer-infrastructure",
    "phishing-as-a-service",
    "session-hijacking"
  ],
  "tags": [
    "2026-06-16",
    "account takeover",
    "anti-detection",
    "automated-workflows",
    "credential harvesting",
    "cryptocurrency theft",
    "peer-to-peer-infrastructure",
    "phishing-as-a-service",
    "session hijacking"
  ],
  "related_entities": {
    "indicators": [
      {
        "id": "b0da05e6-d11c-4641-be11-42edf52a81b0",
        "name": "bluekit.pk"
      },
      {
        "id": "ebd127d2-6439-4725-90b4-26f559e59228",
        "name": "bluekit.ws"
      },
      {
        "id": "793027ee-b031-4fe7-ad6c-b6cb433fa2f0",
        "name": "bluekit.cc"
      },
      {
        "id": "25b55612-8555-4498-824c-77cef2eb5d94",
        "name": "bluekit.su"
      },
      {
        "id": "b48e12d6-674d-4c3a-9602-ac2e3bdda9bc",
        "name": "bluekitsmi6sd5mjurh3l7n7oeizbedoe2hw2lsljtb5nbxiul6hzkqd.onion"
      }
    ],
    "observables": [
      {
        "id": "05b65e7d-b690-4be4-9ab7-18553491217e",
        "name": "bluekit.ws"
      },
      {
        "id": "acaed672-761d-4cf5-a8de-50ab3823b1b1",
        "name": "bluekit.su"
      },
      {
        "id": "f72b3381-aa2f-477e-ab3b-2afba2b353ba",
        "name": "bluekit.pk"
      },
      {
        "id": "4899a718-6e40-4abf-a4c0-0526bcb22158",
        "name": "bluekit.cc"
      },
      {
        "id": "6b5e0f9b-ca7a-4460-ba40-7bd7f2e56a93",
        "name": "bluekitsmi6sd5mjurh3l7n7oeizbedoe2hw2lsljtb5nbxiul6hzkqd.onion"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Finance"
      },
      {
        "id": "",
        "name": "Retail"
      },
      {
        "id": "",
        "name": "Technology"
      },
      {
        "id": "",
        "name": "bluekit.pk"
      },
      {
        "id": "",
        "name": "bluekit.ws"
      },
      {
        "id": "",
        "name": "bluekit.cc"
      },
      {
        "id": "",
        "name": "bluekit.su"
      },
      {
        "id": "",
        "name": "bluekitsmi6sd5mjurh3l7n7oeizbedoe2hw2lsljtb5nbxiul6hzkqd.onion"
      }
    ]
  },
  "external_refs": [
    {
      "id": "6c5ef6de-796c-4aea-960c-9207311fb457",
      "standard_id": "external-reference--bbe7ef69-b6df-5805-8e5e-4a82703e6ec1",
      "entity_type": "External-Reference",
      "source_name": "AlienVault",
      "description": null,
      "url": "https://otx.alienvault.com/pulse/6a31dfc08e2c3f8e5019ab67",
      "hash": null,
      "external_id": "6a31dfc08e2c3f8e5019ab67",
      "created": "2026-06-17T08:20:44.084Z",
      "modified": "2026-06-17T08:20:44.084Z",
      "createdById": null
    },
    {
      "id": "b9b1285b-42e1-42ef-a64d-d3bff7799329",
      "standard_id": "external-reference--fb50b732-8f97-591f-ae81-eef0fd409ff7",
      "entity_type": "External-Reference",
      "source_name": "AlienVault",
      "description": null,
      "url": "https://www.cloudsek.com/blog/bluekit-phishing-as-a-service-phaas",
      "hash": null,
      "external_id": null,
      "created": "2026-06-17T08:20:44.108Z",
      "modified": "2026-06-17T08:20:44.108Z",
      "createdById": null
    }
  ]
}