BlueKeep exploitation activity seen in the wild
Common Information
Type                             Value
UUID                             308108ae-0a31-4996-b32a-17704c808048
Fingerprint                      bfec11636a23f587
Analysis status                  DONE
Considered CTI value             0
Text language
Published                        July 28, 2020, 11:39 a.m.
Added to db                      Feb. 17, 2023, 11:40 p.m.
Last updated                     Nov. 17, 2024, 6:55 p.m.
Headline                         BlueKeep exploitation activity seen in the wild
Title                            BlueKeep exploitation activity seen in the wild
Detected Hints/Tags/Attributes   59/2/25
Attributes
Type     #Events  Value
CVE          197  cve-2019-0708
Domain         7  binaryedge.io
Domain       134  shodan.io
Domain       228  system.io
File           2  c:\windows\system32\spool\svchost.exe
File          13  c:\windows\system32\netsh.exe
File        1122  svchost.exe
sha256         1  8a87a1261603af4d976faa57e49ebdd8fd8317e9dd13bd36ff2599d1031f53ce
Url            1  http://178.175.141.12:7023/9bccfaf8cd92/temp
Url            1  https://www.microsoft.com/security/blog/2019/11/07/the-new-cve-2019-0708-rdp-exploit-attacks-explained
Url            1  http://178.175.141.12:11008/6b53002fb437/temp
Url            1  http://138.201.209.190:10708/cc1ad438c54a/temp