New Tags
Tag: Exchange ProxyShell Vuln Attempt [Intention: Malicious]
- CVE-2021-34473, CVE-2021-34523, CVE-2021-31207
- This IP address has been observed attempting to exploit the ProxyShell vulnerability in Microsoft Exchange.
- Sources: Medium, BlackHat, y4y.space
- See it on GreyNoise Viz
Tag: Exchange ProxyShell Vuln Check [Intention: Unknown]
- CVE-2021-34473, CVE-2021-34523, CVE-2021-31207
- This IP address has been observed checking for the existence of the ProxyShell vulnerability in Microsoft Exchange, an activity which commonly leaks sensitive information.
- Sources: Medium, BlackHat, y4y.space
- See it on GreyNoise Viz
Tag: Javascript Enabled [Intention: Unknown]
- This IP address has been observed scanning the internet with a client that supports JavaScript, such as a web browser controlled through automation.
- See it on GreyNoise Viz
Tag: Aerospike RCE Attempt [Intention: Malicious]
- CVE-2020-13151
- This IP address has been observed attempting to exploit CVE-2020-13151, a remote command execution vulnerability in Aerospike databases.
- Sources: NIST, GitHub [1, 2]
- See it on GreyNoise Viz
Tag: Docker API Container Creation Attempt [Intention: Malicious]
- This IP address has been observed attempting to provision a container using the Docker API.
- Sources: Docker Docs
- See it on GreyNoise Viz
Tag: Buffalo Router RCE Check [Intention: Unknown]
- CVE-2021-20091
- This IP address has been observed attempting to discover Buffalo routers susceptible to remote command injection through path traversal.
- Sources: Tenable, MITRE
- See it on GreyNoise Viz
Tag: Buffalo Router RCE Attempt [Intention: Malicious]
- CVE-2021-20091
- This IP address has been observed attempting to exploit Buffalo routers susceptible to remote command injection through path traversal.
- Sources: Tenable, MITRE
- See it on GreyNoise Viz
Tag: FirebirdSQL Crawler [Intention: Unknown]
- This IP address has been observed crawling the Internet and attempting to discover FirebirdSQL instances.
- Sources: GitHub, Nmap Service Probes
- See it on GreyNoise Viz
Tag: Ruijie EG Command Injection Attempt [Intention: Malicious]
- This IP address has been observed attempting command injection on Ruijie network devices with Easy Gateway support.
- Sources: peiqi.tech [1, 2]
- See it on GreyNoise Viz
Recent Actor Tag
- Cortex® Xpanse™ [Intention: Benign]
- Sources: Palo Alto Networks, Expanse, ARIN
- See it on GreyNoise Viz
Tag Improvements
As part of our process, our research team continues to clean up and improve on existing tags as new information or better processes are introduced.
Tag: X Server Connection Attempt [Intention: Malicious]
- This IP address has been observed scanning the Internet for X11 servers with access control disabled, which allows for unauthenticated connections.
- See it on GreyNoise Viz
Tag: ADB Worm [Intention: Malicious]
- This IP address has been observed exploiting the Android Debug Bridge vulnerability.
- See it on GreyNoise Viz
Removed Tags
This article is a summary of the full, in-depth version on the GreyNoise Labs blog.