< Back to all blog posts

GreyNoise Tag Round Up | August 16 - September 1

Supriya Mazumdar

NEW TAGS

Atlassian Confluence Server OGNL Injection Attempt [Intention: Malicious]

  • CVE-2021-26084
  • This IP address has been observed attempting to exploit CVE-2021-26084, an OGNL injection vulnerability in Confluence Server and Data Center.
  • Sources: GitHub (1, 2), MITRE
  • See it on GreyNoise Viz

Atlassian Confluence Server OGNL Injection Vuln Check [Intention: Unknown]

  • CVE-2021-26084
  • This IP address has been observed checking for the existence of CVE-2021-26084, an OGNL injection vulnerability in Confluence Server and Data Center.
  • Sources: GitHub (1, 2), MITRE
  • See it on GreyNoise Viz

Oracle WebLogic RCE CVE-2021-2109 [Intention: Malicious]

Seagate BlackArmor RCE Attempt [Intention: Malicious]

ASUS GT-AC2900 Auth Bypass Attempt [Intention: Malicious]

  • CVE-2021-32030
  • This IP address has been observed attempting to exploit CVE-2021-32030, an authentication bypass in ASUS GT-AC2900 routers.
  • Sources: MITRE, Atredis
  • See it on GreyNoise Viz

Apache SkyWalking GraphQL SQL Injection  [Intention: Malicious]

  • CVE-2020-9483
  • This IP address has been observed attempting to exploit CVE-2020-9483, a SQL injection vulnerability in Apache SkyWalking via GraphQL.
  • Sources: GitHub, NVD
  • See it on GreyNoise Viz

Carries HTTP Referer [Intention: Unknown]

  • This IP address has been observed scanning the internet with an HTTP client that includes the Referer header in it's requests.
  • Sources: Firefox
  • See it on GreyNoise Viz

Stores HTTP Cookies  [Intention: Unknown]

  • This IP address has been observed scanning the internet with an HTTP client that supports storing Cookies.
  • Sources: Firefox (1, 2)
  • See it on GreyNoise Viz

Follows HTTP Redirects  [Intention: Unknown]

  • This IP address has been observed scanning the internet with an HTTP client that follows redirects defined in a Location header.
  • Sources: Firefox
  • See it on GreyNoise Viz

RSYNC Crawler  [Intention: Unknown]

NEW ACTOR TAG:

University of Michigan [Intention: Benign]

TAG IMPROVEMENTS:

As part of our process, our research team continues to clean up and improve on existing tags as new information or better processes are introduced.

ADB Check [Intention: Unknown]

  • This IP address has been observed checking for the existence of the Android Debug Bridge protocol.
  • See it on GreyNoise Viz

ADB Attempt [Intention: Malicious]

  • This IP address has been observed checking for the existence of the Android Debug Bridge protocol and has requested interactivity.
  • See it on GreyNoise Viz

EDITORS NOTE: This blog post has been updated as of Sep. 2 to reflect edits to the Atlassian Confluence Server OGNL Injection tags.

Roundup
Tags
Vulnerabilities