< Back to all blog posts

GreyNoise Tag Round Up | May 10 - 21

Supriya Mazumdar

NEW TAGS

CVE-2021-26912 | CVE-2021-26913 | CVE-2021-26914 | CVE-2021-26915

Tag: NetMotion Mobility Server RCE Attempt [Intention: Malicious]

  • This IP address has been observed attempting to exploit a deserialization vulnerability in NetMotion Mobility Server that can lead to remote code execution.
  • Sources: NIST [1 , 2 , 3, 4], SSD Disclosure
  • See it on GreyNoise Viz

CVE-2021-21402

Tag: Jellyfin File Disclosure [Intention: Malicious]

CVE-2021-28799

Tag: QNAP walter SSH Backdoor Attempt [Intention: Malicious]

  • This IP address has been observed attempting to connect using the username and password 'walter', which are hardcoded backdoor SSH credentials that exist in some QNAP devices.
  • Source: QNAP, QNAP Forum
  • See it on GreyNoise Viz

CVE-2021-30461

Tag: VoIPmonitor Unauthenticated RCE Attempt  [Intention: Malicious]

TAG IMPROVEMENTS

As part of our process, our research team continues to clean up and improve on existing tags as new information or better processes are introduced.

Tag: RDP Bruteforcer [Intention: Malicious]

  • This IP address has been observed attempting to bruteforce Microsoft Remote Desktop credentials.
  • Source: Microsoft [1, 2]
  • See it on GreyNoise Viz

RECENT INTEGRATIONS

Rapid 7 InsightConnect: Supports Enterprise API and Community API access.

CORTEX XSOAR: Supports Enterprise API and Community API access.

Roundup
Vulnerabilities
Tags