New Tags
MongoDB Crawler [Intention: Unknown]
- This IP address has been observed crawling the Internet and attempting to discover MongoDB instances.
- Sources: MongoDB Docs, RAPID7
- See it on GreyNoise Viz
Apple iOS Lockdownd Crawler [Intention: Unknown]
- This IP address has been observed attempting to discover legacy Apple iOS devices with remotely accessible lockdownd service.
- Sources: iPhone Wiki, Zdziarski's Blog, GitHub, Apple Support
- See it on GreyNoise Viz
HTTP Request Smuggling [Intention: Malicious]
- This IP address has been observed attempting to smuggle HTTP requests, a method commonly used to bypass load balancer or proxy security restrictions.
- Sources: PortSwigger, JFrog
- See it on GreyNoise Viz
Gh0st RAT Crawler [Intention: Malicious]
- This IP address has been observed checking for the existence of hosts infected with Gh0st trojan.
- Sources: RSA Community, norman.no
- See it on GreyNoise Viz
nJRAT Crawler [Intention: Malicious]
- This IP address has been observed sending unobfuscated njRAT traffic.
- Sources: RSA Community, Krebs On Security
- See it on GreyNoise Viz
Supervisor XML-RCE Attempt [Intention: Malicious]
- This IP address has been observed attempting to exploit CVE-2017-11610, a remote command execution vulnerability in Supervisor client/server.
- Sources: NIST, Supervisor
- See it on GreyNoise Viz
New Actor Tag
BLEXbot [Intention: Benign]
- Sources: WebMeUp
- See it on GreyNoise Viz
This article is a summary of the full, in-depth version on the GreyNoise Labs blog.
Read the full report
Be part of the conversation in our Community Slack group.
Follow us and don’t miss a thing.
.png)
