Bluekeep Exploit Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (14)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en14

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA10
ID: Indonesia4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Magecart3

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined6
Operating System4
WordPress Plugin2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined4
Microsoft2
Cesanta2
Laravel2
Linux2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows2
Cesanta Mongoose2
Gitblit2
Laravel Framework2
Linux Kernel2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Linux Kernel riscv privilege escalation5.55.3$5k-$25k$0-$5kNot definedOfficial fix 0.001450.06CVE-2024-35988
2Microsoft Windows Message Queuing Remote Code Execution9.89.2$25k-$100k$0-$5kHighOfficial fixexpected0.921620.03CVE-2023-21554
3Linux Kernel ks8851 local_bh_enable privilege escalation5.85.7$5k-$25k$0-$5kNot definedOfficial fix 0.000680.04CVE-2024-36962
4Gitblit .. path traversal6.36.1$0-$5k$0-$5kNot definedNot definedpossible0.797760.08CVE-2022-31268
5Yoast WordPress SEO Authentication class-bulk-editor-list-table.php cross-site request forgery6.36.0$5k-$25k$0-$5kNot definedOfficial fix 0.012080.00CVE-2015-2293
6MStore API Plugin improper authentication8.58.4$0-$5k$0-$5kNot definedNot defined 0.003780.00CVE-2023-2733
7Cesanta Mongoose mongoose.c integer overflow8.58.5$0-$5k$0-$5kNot definedNot defined 0.029610.00CVE-2019-19307
8Google Chrome memory corruption8.98.7$100k and more$5k-$25kNot definedOfficial fix 0.005990.00CVE-2010-4040
9SolarWinds Kiwi Syslog Server HTTP Header protection mechanism4.84.7$0-$5k$0-$5kNot definedOfficial fix 0.002090.02CVE-2021-35237
10Laravel Framework Permission .env writeNewEnvironmentFileWith Password information disclosure6.46.1$0-$5k$0-$5kHighNot definedexpected0.857880.04CVE-2017-16894
11OpenSSL 64-bit Block Cipher SWEET32 information disclosure6.56.4$5k-$25k$0-$5kProof-of-ConceptUnavailablepossible0.406030.03CVE-2016-2183
12Cisco Linksys WRT120N fprintf memory corruption6.36.0$25k-$100k$0-$5kProof-of-ConceptUnavailable 0.000000.05

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
11.3.1.6Bluekeep Exploit11/06/2019verifiedLow
21.3.2.8Bluekeep Exploit11/06/2019verifiedLow
31.45.76.1Bluekeep Exploit11/06/2019verifiedLow
4X.X.X.XXxxxxxxx Xxxxxxx11/06/2019verifiedLow
5X.X.X.Xxxx-x-x-x-x.xx-xxxxxxxxx-x.xxxxxxx.xxxxxxxxx.xxxXxxxxxxx Xxxxxxx11/06/2019verifiedVery Low
6X.X.X.Xxxxxxxx-xxx-xxx-xxx-xxx.x.x.xxxx.xxxxxxxxxx.xxXxxxxxxx Xxxxxxx11/06/2019verifiedVery Low
7X.XXX.XXX.XXXXxxxxxxx Xxxxxxx11/06/2019verifiedLow
8XX.X.XX.XXx-xx-x-xx-xx.xxxx.xx.xxxxxxx.xxxXxxxxxxx Xxxxxxx11/06/2019verifiedLow
9XX.XX.X.XXxxxxxxx Xxxxxxx11/06/2019verifiedLow
10XX.XX.XX.XXxxxxxxx Xxxxxxx11/06/2019verifiedLow
11XX.XX.X.XXxxxxxxx Xxxxxxx11/06/2019verifiedLow
12XX.XX.X.XXxxxxxxx Xxxxxxx11/06/2019verifiedLow
13XX.XX.X.XXxxxxxxx Xxxxxxx11/06/2019verifiedLow
14XXX.XXX.XXX.XXXxxxxxxx Xxxxxxx11/06/2019verifiedLow

TTP - Tactics, Techniques, Procedures (2)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (6)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/.envpredictiveLow
2File/resources//../predictiveHigh
3Filexxxxx/xxxxx-xxxx-xxxxxx-xxxx-xxxxx.xxxpredictiveHigh
4Filexxxxxxxx.xpredictiveMedium
5ArgumentxxxxxpredictiveLow
6Argumentxxxx_xxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!