BLUELIGHT

Description

(Volexity) The BLUELIGHT malware family uses different cloud providers to facilitate C2. This specific sample leveraged the Microsoft Graph API for its C2 operations. Upon start-up, BLUELIGHT performs an OAuth2 token authentication using hard-coded parameters. Once the client is authenticated, BLUELIGHT creates a new subdirectory in the OneDrive appfolder and populates it with several subdirectories used by the C2 protocol.

Names

Name
BLUELIGHT

Category

Malware

Type

  • Reconnaissance
  • Backdoor
  • Info stealer
  • Credential stealer
  • Downloader
  • Exfiltration

Information

MITRE ATT&CK

Malpedia

Other Information

UUID

ed4fb152-2560-48d0-aea4-aee2e43ff69f

Last Card Change

2023-10-13