SQL Brute Force Leads to BlueSky Ransomware [Wednesday, December 6, 2023]


SQL Brute Force Leads to BlueSky Ransomware

Description:
Researchers observed an intrusion on a public-facing MSSQL Server, which resulted in BlueSky ransomware. First discovered in June 2022, BlueSky ransomware has code links to Conti and Babuk ransomware.

Published: 2023-12-06 13:44:22
Created: 2023-12-06 13:44:22
Modified: 2023-12-06 14:09:39

Indicators

IPv4s:
  • 83.97.20.81
  • 5.188.86.237
URLs:
  • https://asd.s7610rir.pw/win/checking.hta
  • http://asq.r77vh0.pw/win/checking.hta
  • https://asq.r77vh0.pw/win/hssl/r7.hta
  • https://asq.d6shiiwz.pw/win/hssl/d6.hta
Domains:
  • asd.s7610rir.pw
  • asq.d6shiiwz.pw
  • asq.r77vh0.pw
Hashes:
About the author
Julien B.
