
Bluelocker

Blue Locker targets Pakistan’s vital energy sector, particularly Pakistan Petroleum


Ransom Notes (1)

TTPs Matrix (6)
This information is provided by Crocodyli & Ransomware.live
| Persistence | Privilege Escalation | Defense Evasion | Discovery | Collection | Impact |
|---|---|---|---|---|---|
| Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | Create or Modify System Process | Indicator Removal: Timestomp | Query Registry | Input Capture | Service Stop |
| | Abuse Elevation Control Mechanism: Bypass User Account Control | Deobfuscate/Decode Files or Information | Process Discovery | Data Staged | Inhibit System Recovery |
| | | Impair Defenses: Disable or Modify Tools | File and Directory Discovery | | |
| | | | Account Discovery | | |
| | | | Virtualization/Sandbox Evasion | | |

YARA Rules (1)

Indicators of Compromise (IoCs) (7)
Email: 2, Hash SHA256: 4, tox: 1