GreyNoise Tag Roundup | August 2 - 16

New Tags

Tag: Exchange ProxyShell Vuln Attempt [Intention: Malicious]

• CVE-2021-34473, CVE-2021-34523, CVE-2021-31207
• This IP address has been observed attempting to exploit the ProxyShell vulnerability in Microsoft Exchange.
• Sources: Medium, BlackHat, y4y.space
• See it on GreyNoise Viz

Tag: Exchange ProxyShell Vuln Check [Intention: Unknown]

• CVE-2021-34473, CVE-2021-34523, CVE-2021-31207
• This IP address has been observed checking for the existence of the ProxyShell vulnerability in Microsoft Exchange, an activity which commonly leaks sensitive information.
• Sources: Medium, BlackHat, y4y.space
• See it on GreyNoise Viz

Tag: Javascript Enabled [Intention: Unknown]

• This IP address has been observed scanning the internet with a client that supports javascript, such as a web browser controlled through automation.
• See it on GreyNoise Viz

Tag: Aerospike RCE Attempt [Intention: Malicious]

• CVE-2020-13151
• This IP address has been observed attempting to exploit CVE-2020-13151, a remote command execution in Aerospike databases.
• Sources: NIST, GitHub [1, 2]
• See it on GreyNoise Viz

Tag: Docker API Container Creation Attempt [Intention: Malicious]

• This IP address has been observed attempting to provision a container using the Docker API.
• Sources: Docker Docs
• See it on GreyNoise Viz

Tag: Buffalo Router RCE Check [Intention: Unknown]

• CVE-2021-20091
• This IP address has been observed attempting to discover Buffalo routers susceptible to remote command injection through path traversal.
• Sources: Tenable, MITRE
• See it on GreyNoise Viz

Tag: Buffalo Router RCE Attempt [Intention: Malicious]

• CVE-2021-20091
• This IP address has been observed attempting to exploit Buffalo routers susceptible to remote command injection through path traversal.
• Sources: Tenable, MITRE
• See it on GreyNoise Viz

Tag: FirebirdSQL Crawler [Intention: Unknown]

• This IP address has been observed crawling the Internet and attempting to discover FirebirdSQL instances.
• Sources: GitHub, Nmap Service Probes
• See it on GreyNoise Viz

Tag: Ruijie EG Command Injection Attempt [Intention: Malicious]

• This IP address has been observed attempting command injection on Ruijie network devices with Easy Gateway support.
• Sources: peiqi.tech [1, 2]
• See it on GreyNoise Viz

Recent Actor Tag

• Cortex® Xpanse™ [Intention: Benign]

• Sources: Palo Alto Networks, Expanse, ARIN
• See it on GreyNoise Viz

Tag Improvements

As part of our process, our research team continues to clean up and improve on existing tags as new information or better processes are introduced.

Tag: X Server Connection Attempt [Intention: Malicious]

• This IP address has been observed scanning the Internet for X11 servers with access control disabled, which allows for unauthenticated connections.
• See it on GreyNoise Viz

Tag: ADB Worm [Intention: Malicious]

• This IP address has been observed exploiting the Android Debug Bridge vulnerability.
• See it on GreyNoise Viz

Removed Tags

• Stretchoid
• Security Scorecard