New Tags
Tag: Exchange ProxyShell Vuln Attempt [Intention: Malicious]
Tag: Exchange ProxyShell Vuln Check [Intention: Unknown]
- CVE-2021-34473, CVE-2021-34523, CVE-2021-31207
- This IP address has been observed checking for the existence of the ProxyShell vulnerability in Microsoft Exchange, an activity which commonly leaks sensitive information.
- Sources: Medium, BlackHat, y4y.space
- See it on GreyNoise Viz
Tag: Javascript Enabled [Intention: Unknown]
- This IP address has been observed scanning the internet with a client that supports javascript, such as a web browser controlled through automation.
- See it on GreyNoise Viz
Tag: Aerospike RCE Attempt [Intention: Malicious]
- CVE-2020-13151
- This IP address has been observed attempting to exploit CVE-2020-13151, a remote command execution in Aerospike databases.
- Sources: NIST, GitHub [1, 2]
- See it on GreyNoise Viz
Tag: Docker API Container Creation Attempt [Intention: Malicious]
Tag: Buffalo Router RCE Check [Intention: Unknown]
- CVE-2021-20091
- This IP address has been observed attempting to discover Buffalo routers susceptible to remote command injection through path traversal.
- Sources: Tenable, MITRE
- See it on GreyNoise Viz
Tag: Buffalo Router RCE Attempt [Intention: Malicious]
- CVE-2021-20091
- This IP address has been observed attempting to exploit Buffalo routers susceptible to remote command injection through path traversal.
- Sources: Tenable, MITRE
- See it on GreyNoise Viz
Tag: FirebirdSQL Crawler [Intention: Unknown]
Tag: Ruijie EG Command Injection Attempt [Intention: Malicious]
- This IP address has been observed attempting command injection on Ruijie network devices with Easy Gateway support.
- Sources: peiqi.tech [1, 2]
- See it on GreyNoise Viz
Recent Actor Tag
- Cortex® Xpanse™ [Intention: Benign]
Tag Improvements
As part of our process, our research team continues to clean up and improve on existing tags as new information or better processes are introduced.
Tag: X Server Connection Attempt [Intention: Malicious]
- This IP address has been observed scanning the Internet for X11 servers with access control disabled, which allows for unauthenticated connections.
- See it on GreyNoise Viz
Tag: ADB Worm [Intention: Malicious]
Removed Tags