Overview

It has been almost six months since an eye-opening vulnerability in Microsoft Windows RDP, CVE-2019-0708, dubbed BlueKeep, was patched. Today, security researcher Kevin Beaumont posted a Twitter thread reporting BSODs (Blue Screens of Death) across his network of BlueKeep honeypots:

"huh, the EternalPot RDP honeypots have all started BSOD'ing recently. They only expose port 3389. pic.twitter.com/VdiKoqAwkr" — Kevin Beaumont (@GossiTheDog), November 2, 2019

Kevin kindly shared the crash dump with us and, following this lead, we discovered the sample was being used in a mass exploitation attempt.
BlueKeep (CVE-2019-0708) exploitation spotted in the wild, 03 Nov, 2019