Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: Port 5986 (tcp/udp) Attack Activity - SANS Internet Storm Center

SANS Site Network

Current Site

SANS Internet Storm Center

Other SANS Sites Help

Graduate Degree Programs

Security Training

Security Certification

Security Awareness Training

Penetration Testing

Industrial Control Systems

Cyber Defense Foundations

DFIR

Software Security

Government OnSite Training

Port 5986 (tcp/udp) Attack Activity

Log In or Sign Up for Free!

Loading...

[get complete service list]

Port Information
Protocol	Service	Name
tcp	wsmans	WBEM
tcp	OMI	Open Management Infrastructure

Top IPs Scanning
Today	Yesterday
192.241.220.82 (7)	91.239.97.246 (449)
154.89.5.68 (7)	192.241.221.87 (133)
31.192.111.224 (6)	192.241.219.95 (62)
106.75.190.201 (6)	192.241.216.93 (59)
104.156.155.23 (6)	31.192.111.224 (36)
192.241.222.163 (5)	71.6.135.131 (30)
185.173.35.53 (4)	176.58.111.146 (30)
192.241.213.46 (4)	45.33.91.92 (29)
192.241.221.204 (3)	183.136.225.42 (28)
183.136.225.42 (3)	165.227.225.179 (27)

Port diary mentions
URL
#OMIGOD Exploits Captured in the Wild. Researchers responsible for half of scans for related ports.

User Comments
Submitted By	Date
Comment
	2021-09-21 00:21:14
Used by Open Management Infrastructure (OMI) framework. Actively Exploited. https://msrc-blog.microsoft.com/2021/09/16/additional-guidance-regarding-omi-vulnerabilities-within-azure-vm-management-extensions/ Also see port 5985/TCP, 5986/TCP, 1270/TCP

CVE Links
CVE #	Description