GreyNoise Tag Round Up | May 10 - 21

New Tags

CVE-2021-26912 | CVE-2021-26913 | CVE-2021-26914 | CVE-2021-26915

Tag: NetMotion Mobility Server RCE Attempt [Intention: Malicious]

• This IP address has been observed attempting to exploit a deserialization vulnerability in NetMotion Mobility Server that can lead to remote code execution.
• Sources: NIST [1, 2 , 3, 4], SSD Disclosure
• See it on GreyNoise Viz

CVE-2021-21402

Tag: Jellyfin File Disclosure [Intention: Malicious]

• This IP address has been observed attempting to use CVE-2021-21402, an arbitrary file disclosure vulnerability in Jellyfin media server.
• Source: GitHub SecurityLab
• See it on GreyNoise Viz

CVE-2021-28799

Tag: QNAP walter SSH Backdoor Attempt [Intention: Malicious]

• This IP address has been observed attempting to connect using the username and password 'walter,' which are hardcoded backdoor SSH credentials that exist in some QNAP devices.
• Source: QNAP, QNAP Forum
• See it on GreyNoise Viz

CVE-2021-30461

Tag: VoIPmonitor Unauthenticated RCE Attempt  [Intention: Malicious]

• This IP address has been observed attempting to exploit CVE-2021-30461, an unauthenticated command execution vulnerability in VoIPmonitor software.
• Source: NIST, SSD Disclosure
• See it on GreyNoise Viz

Tag Improvements

As part of our process, our research team continues to clean up and improve on existing tags as new information or better processes are introduced.

Tag: RDP Bruteforcer [Intention: Malicious]

• This IP address has been observed attempting to brute-force Microsoft Remote Desktop credentials.
• Source: Microsoft [1, 2]
• See it on GreyNoise Viz

Recent Integrations

Rapid 7 InsightConnect: Supports Enterprise API and Community API access.

CORTEX XSOAR: Supports Enterprise API and Community API access.