IOC pivotioc · sha-256
5c430e2770b59cceba1f1587b34e686d586d2c8ba1908bb5d066a616466d2cc6
KP · DPRKAPT37confidence · high
BLUELIGHT backdoor sample published by Volexity on 17 August 2021 in the 'InkySquid' blog. BLUELIGHT uses the Microsoft Graph API (OneDrive appfolder) for C2 and was deployed via IE / legacy-Edge zero-days CVE-2020-1380 and CVE-2021-26411 from a strategic web compromise of dailynk.com. Volexity attributes InkySquid to APT37 / ScarCruft.
- family
- BLUELIGHT
- first seen
- Aug 16, 2021
- publisher
- Volexity