New Tags

CVE-2020-25494

Tag: SCO OpenServer RCE Attempt [Intention: Malicious]

CVE-2021-22911

Tag: Rocket.Chat server RCE Attempt [Intention: Malicious]

  • This IP address has been observed attempting to exploit CVE-2021-22911, a remote command execution vulnerability in Rocket.Chat server.
  • Sources: NIST, @CsEnox (GitHub )
  • See it on GreyNoise Viz

Tag: Vesta Control Panel RCE Attempt [Intention: Malicious]

CVE-2021-27144/46 | CVE-2021-27148/55 | CVE-2021-27158/59 | CVE-2021-27162/66 | CVE-2021-27168/69 | CVE-2021-27172

Tag: FiberHome Telnet Backdoor [Intention: Malicious]

  • This IP address has been observed attempting to authenticate via telnet using one of several known backdoor accounts in FiberHome routers.
  • Sources: Pierre Kim
  • See it on GreyNoise Viz

Tag: LokiBot C2 Crawler [Intention: Unknown]

  • This IP address has been observed crawling the Internet and attempting to discover LokiBot C2 nodes.
  • Sources: CISA
  • See it on GreyNoise Viz

Tag: Aerospike Crawler [Intention: Unknown]

Recent Actor Tag

  • ESET  [Intention: Benign]

Tag Improvements

As part of our process, our research team continues to clean up and improve on existing tags as new information or better processes are introduced.

Tag: Tomcat Manager Scanner [Intention: Unknown]

This article is a summary of the full, in-depth version on the GreyNoise Labs blog.
Read the full report
GreyNoise Labs logo
Link to GreyNoise Twitter account
Link to GreyNoise Twitter account