CVE-2009-0545, CVE-2019-12725, CVE-2020-29390
Tag: Zeroshell RCE Attempt [Intention: Malicious]
Tag: Cisco Smart Install RCE Attempt [Intention: Malicious]
CVE-2021-35464
Tag: ForgeRock OpenAM Pre-Auth RCE Vuln Check [Intention: Unknown]
CVE-2021-35464
Tag: ForgeRock OpenAM Pre-Auth RCE Attempt [Intention: Malicious]
CVE-2021-33544 to CVE-2021-33544 (11 CVEs)
Tag: UDP Technology IP Camera Attempt [Intention: Malicious]
CVE-2021-33544, CVE-2021-33548, CVE-2021-33550 to CVE-2021-33554
Tag: UDP Technology IP Camera Check [Intention: Unknown]
CVE-2017-12149
Tag: Jboss Application Server RCE Attempt [Intention: Malicious]
CVE-2021-30497
Tag: Ivanti Avalanche Path Traversal [Intention: Malicious]
Tag: Double URL Encoding [Intention: Malicious]
Tag: Apache OFBiz Deserialization RCE [Intention: Malicious]
These tags have been removed because they no longer exist, no longer scan, and/or can no longer be accurately identified.
Multiple RDP tags have been deprecated in favor of RDP Crawler, which more accurately accounts for much of the behavior we see. We are currently working to create more accurate and narrowly scoped tags for RDP scanning and exploitation.
The RDP Bruteforcer tag was created around the same time as BlueKeep and aggressively assigned `malicious` intent to basic RDP connection attempts. After re-evaluating this, we feel this was incorrect and have taken actions to improve our RDP tags in general.
As part of our process, our research team continues to clean up and improve on existing tags as new information or better processes are introduced.
Tag: Cisco Smart Install Endpoint Scanner [Intention: Unknown]
Tag: Linksys E-Series TheMoon Worm [Intention: Malicious]
Anomali: Now supports RIOT and the Community API.