New Tags

Tag: Exchange ProxyShell Vuln Attempt [Intention: Malicious]

Tag: Exchange ProxyShell Vuln Check [Intention: Unknown]

  • CVE-2021-34473, CVE-2021-34523, CVE-2021-31207
  • This IP address has been observed checking for the existence of the ProxyShell vulnerability in Microsoft Exchange, an activity which commonly leaks sensitive information.
  • Sources: Medium, BlackHat, y4y.space
  • See it on GreyNoise Viz

Tag: Javascript Enabled [Intention: Unknown]

  • This IP address has been observed scanning the internet with a client that supports javascript, such as a web browser controlled through automation.
  • See it on GreyNoise Viz

Tag: Aerospike RCE Attempt [Intention: Malicious]

  • CVE-2020-13151
  • This IP address has been observed attempting to exploit CVE-2020-13151, a remote command execution in Aerospike databases.
  • Sources: NIST, GitHub [1, 2]
  • See it on GreyNoise Viz

Tag: Docker API Container Creation Attempt [Intention: Malicious]

Tag: Buffalo Router RCE Check [Intention: Unknown]

  • CVE-2021-20091
  • This IP address has been observed attempting to discover Buffalo routers susceptible to remote command injection through path traversal.
  • Sources: Tenable, MITRE
  • See it on GreyNoise Viz

Tag: Buffalo Router RCE Attempt [Intention: Malicious]

  • CVE-2021-20091
  • This IP address has been observed attempting to exploit Buffalo routers susceptible to remote command injection through path traversal.
  • Sources: Tenable, MITRE
  • See it on GreyNoise Viz

Tag: FirebirdSQL Crawler [Intention: Unknown]

Tag: Ruijie EG Command Injection Attempt [Intention: Malicious]

  • This IP address has been observed attempting command injection on Ruijie network devices with Easy Gateway support.
  • Sources: peiqi.tech [1, 2]
  • See it on GreyNoise Viz

Recent Actor Tag

  • Cortex® Xpanse™ [Intention: Benign]

Tag Improvements

As part of our process, our research team continues to clean up and improve on existing tags as new information or better processes are introduced.

Tag: X Server Connection Attempt [Intention: Malicious]

  • This IP address has been observed scanning the Internet for X11 servers with access control disabled, which allows for unauthenticated connections.
  • See it on GreyNoise Viz

Tag: ADB Worm [Intention: Malicious]

Removed Tags

This article is a summary of the full, in-depth version on the GreyNoise Labs blog.
GreyNoise Labs logo
Link to GreyNoise Twitter account
Link to GreyNoise Twitter account