New Tags

CVE-2021-26912 | CVE-2021-26913 | CVE-2021-26914 | CVE-2021-26915

Tag: NetMotion Mobility Server RCE Attempt [Intention: Malicious]

  • This IP address has been observed attempting to exploit a deserialization vulnerability in NetMotion Mobility Server that can lead to remote code execution.
  • Sources: NIST [1, 2 , 3, 4], SSD Disclosure
  • See it on GreyNoise Viz

CVE-2021-21402

Tag: Jellyfin File Disclosure [Intention: Malicious]

CVE-2021-28799

Tag: QNAP walter SSH Backdoor Attempt [Intention: Malicious]

  • This IP address has been observed attempting to connect using the username and password 'walter,' which are hardcoded backdoor SSH credentials that exist in some QNAP devices.
  • Source: QNAP, QNAP Forum
  • See it on GreyNoise Viz

CVE-2021-30461

Tag: VoIPmonitor Unauthenticated RCE Attempt  [Intention: Malicious]

Tag Improvements

As part of our process, our research team continues to clean up and improve on existing tags as new information or better processes are introduced.

Tag: RDP Bruteforcer [Intention: Malicious]

  • This IP address has been observed attempting to brute-force Microsoft Remote Desktop credentials.
  • Source: Microsoft [1, 2]
  • See it on GreyNoise Viz

Recent Integrations

Rapid 7 InsightConnect: Supports Enterprise API and Community API access.

CORTEX XSOAR: Supports Enterprise API and Community API access.

This article is a summary of the full, in-depth version on the GreyNoise Labs blog.
Read the full report
GreyNoise Labs logo
Link to GreyNoise Twitter account
Link to GreyNoise Twitter account