New Tags
Azure OMI RCE Attempt [Intention: Malicious]
- CVE-2021-38647, CVE-2021-38648, CVE-2021-38645, CVE-2021-38649
- This IP address has been observed scanning the internet for WSMan PowerShell providers with requests that omit the Authorization header, an attempt to exploit a root RCE in Azure Open Management Infrastructure (OMI).
- Sources: Wiz, Microsoft Security Response Center [1, 2, 3, 4]
Azure OMI RCE Check [Intention: Unknown]
- CVE-2021-38647, CVE-2021-38648, CVE-2021-38645, CVE-2021-38649
- This IP address has been observed scanning the internet for WSMan PowerShell providers with requests that omit the Authorization header, but has not provided a valid SOAP XML Envelope payload.
- Sources: Wiz, Microsoft Security Response Center [1, 2, 3, 4]
VMWare VCSA File Upload Attempt [Intention: Malicious]
- CVE-2021-22005, CVE-2021-22017
- This IP address has been observed attempting to exploit a remote file upload vulnerability in VMware vCenter Server Appliance.
- Sources: VMware [1, 2], MITRE [1, 2]
VMWare VCSA File Upload Check [Intention: Unknown]
- CVE-2021-22005, CVE-2021-22017
- This IP address has been observed checking for the presence of a remote file upload vulnerability in VMware vCenter Server Appliance.
- Sources: VMware [1, 2], MITRE [1, 2]
LDAP Crawler [Intention: Unknown]
- This IP address has been observed crawling the internet and attempting to discover hosts that respond to LDAP SearchRequest messages.
- Sources: IETF, ldap.com, LDAP Wiki
Veeder-Root ATGs Crawler [Intention: Unknown]
- This IP address has been observed attempting to discover Veeder-Root Automatic Oil Tank Gauges.
- Sources: Rapid7 [1, 2], Veeder
VMware vCenter File Disclosure [Intention: Malicious]
- This IP address has been observed attempting to exploit an arbitrary file disclosure vulnerability in VMware vCenter.
- Sources: GitHub, PT Swarm
PJL Crawler [Intention: Unknown]
- This IP address has been observed sending Printer Job Language commands.
- Sources: Tenable, HP Developers Portal
PowerShell Generic Shell Attempt [Intention: Malicious]
- This IP address has been observed attempting to spawn a generic PowerShell reverse or bind shell using a web request.
- Sources: GitHub
Cisco IMC Supervisor and UCS Director Backdoor [Intention: Malicious]
- CVE-2019-1935
- This IP address has been observed attempting to authenticate via SSH using default credentials for Cisco IMC Supervisor and Cisco UCS Director products.
- Sources: NIST
This article is a summary of the full, in-depth version on the GreyNoise Labs blog.