Bluelight Malware

Malware Profile Updated 24 days ago
Download STIX
Preview STIX
The Bluelight malware is a harmful software program designed to exploit and damage computer systems. It was identified by Volexity in a recent investigation, where it was found being delivered to a victim alongside another malware, RokRAT. The Bluelight malware infiltrates systems through suspicious downloads, emails, or websites, often without user knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. The delivery of this malware is notably stealthy, utilizing different cloud providers to facilitate command and control (C2), making network-based detection significantly more challenging. In the incident described, Volexity tied the newly observed Bluelight malware family to Advanced Persistent Threat 37 (APT37), based on the use of RokRAT malware. Both Bluelight and RokRAT were deployed sequentially during the intrusion, indicating a coordinated attack strategy. The effectiveness of these techniques was underscored by the fact that none detected the presence of either the RokRAT or Bluelight malware families, demonstrating their ability to evade detection successfully. The Bluelight malware process involves multiple shellcode stages before ultimately executing the Windows executable payload without any disk involvement. This method further complicates detection and mitigation efforts, as it deploys the well-known RokRat or Bluelight malware directly into memory. As such, organizations are advised to stay vigilant and maintain robust cybersecurity measures to protect against such sophisticated threats.
What's your take? (Question 1 of 1)
010d2c94-73fa-460d-b703-6a230cce5f53 Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
ROKRAT
2
RokRAT is a sophisticated malware that has been used by the cyber-espionage group ScarCruft, primarily to target South Korean media and research organizations. The malware is typically delivered via phishing emails with ZIP file attachments containing LNK files disguised as Word documents. However,
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Bluelight Malware Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
North Korean APT InkySquid Infects Victims Using Browser Exploits
CERT-EU
7 months ago
APT trends report Q3 2023
MITRE
a year ago
North Korean BLUELIGHT Special: InkySquid Deploys RokRAT