Bluekeep Exploit Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (10)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en8
zh2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us6
cn2
id2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Joker3

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Web Browser2
Network Encryption Software2
Not Defined2
Operating System2
Content Management System2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Google2
Not Defined2
Laravel2
Microsoft2
Yoast2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Google Chrome2
OpenSSL2
Laravel Framework2
Microsoft Windows2
Yoast WordPress SEO2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Microsoft Windows Message Queuing Remote Code Execution9.88.9$25k-$100k$5k-$25kUnprovenOfficial Fix0.959160.04CVE-2023-21554
2Yoast WordPress SEO Authentication class-bulk-editor-list-table.php cross-site request forgery6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.005880.00CVE-2015-2293
3MStore API Plugin improper authentication8.58.4$0-$5k$0-$5kNot DefinedNot Defined0.001310.00CVE-2023-2733
4Cesanta Mongoose mongoose.c integer overflow8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.434130.00CVE-2019-19307
5Google Chrome memory corruption8.98.7$100k and more$0-$5kNot DefinedOfficial Fix0.002230.00CVE-2010-4040
6SolarWinds Kiwi Syslog Server HTTP Header protection mechanism4.84.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000780.00CVE-2021-35237
7Laravel Framework Permission .env writeNewEnvironmentFileWith Password information disclosure6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.116080.04CVE-2017-16894
8OpenSSL 64-bit Block Cipher SWEET32 information disclosure6.56.4$5k-$25k$0-$5kProof-of-ConceptUnavailable0.005280.04CVE-2016-2183
9Cisco Linksys WRT120N fprintf memory corruption6.36.0$25k-$100k$0-$5kProof-of-ConceptUnavailable0.000000.02

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
11.3.1.6Bluekeep Exploit11/06/2019verifiedHigh
21.3.2.8Bluekeep Exploit11/06/2019verifiedHigh
31.45.76.1Bluekeep Exploit11/06/2019verifiedHigh
4X.X.X.XXxxxxxxx Xxxxxxx11/06/2019verifiedHigh
5X.X.X.Xxxx-x-x-x-x.xx-xxxxxxxxx-x.xxxxxxx.xxxxxxxxx.xxxXxxxxxxx Xxxxxxx11/06/2019verifiedMedium
6X.X.X.Xxxxxxxx-xxx-xxx-xxx-xxx.x.x.xxxx.xxxxxxxxxx.xxXxxxxxxx Xxxxxxx11/06/2019verifiedHigh
7X.XXX.XXX.XXXXxxxxxxx Xxxxxxx11/06/2019verifiedHigh
8XX.X.XX.XXx-xx-x-xx-xx.xxxx.xx.xxxxxxx.xxxXxxxxxxx Xxxxxxx11/06/2019verifiedHigh
9XX.XX.X.XXxxxxxxx Xxxxxxx11/06/2019verifiedHigh
10XX.XX.XX.XXxxxxxxx Xxxxxxx11/06/2019verifiedHigh
11XX.XX.X.XXxxxxxxx Xxxxxxx11/06/2019verifiedHigh
12XX.XX.X.XXxxxxxxx Xxxxxxx11/06/2019verifiedHigh
13XX.XX.X.XXxxxxxxx Xxxxxxx11/06/2019verifiedHigh
14XXX.XXX.XXX.XXXxxxxxxx Xxxxxxx11/06/2019verifiedHigh

TTP - Tactics, Techniques, Procedures (1)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1592CAPEC-116CWE-200Invocation of Process Using Visible Sensitive InformationpredictiveHigh

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/.envpredictiveLow
2Filexxxxx/xxxxx-xxxx-xxxxxx-xxxx-xxxxx.xxxpredictiveHigh
3Filexxxxxxxx.xpredictiveMedium
4ArgumentxxxxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!