< Back to all blog posts

GreyNoise Tag Round Up | June 7 - 18

Supriya Mazumdar

NEW TAGS

CVE-2020-25494

Tag: SCO OpenServer RCE Attempt [Intention: Malicious]

CVE-2021-22911

Tag: Rocket.Chat server RCE Attempt [Intention: Malicious]

  • This IP address has been observed attempting to exploit CVE-2021-22911, a remote command execution vulnerability in Rocket.Chat server.
  • Sources: NIST, @CsEnox (GitHub )
  • See it on GreyNoise Viz

Tag: Vesta Control Panel RCE Attempt [Intention: Malicious]

CVE-2021-27144/46 | CVE-2021-27148/55 | CVE-2021-27158/59 | CVE-2021-27162/66 | CVE-2021-27168/69 | CVE-2021-27172

Tag: FiberHome Telnet Backdoor [Intention: Malicious]

  • This IP address has been observed attempting to authenticate via telnet using one of a several known backdoor accounts in FiberHome routers..
  • Sources: Pierre Kim
  • See it on GreyNoise Viz

Tag: LokiBot C2 Crawler [Intention: Unknown]

  • This IP address has been observed crawling the Internet and attempting to discover LokiBot C2 nodes.
  • Sources: CISA
  • See it on GreyNoise Viz

Tag: Aerospike Crawler [Intention: Unknown]

RECENT ACTOR TAG:

TAG IMPROVEMENTS:

As part of our process, our research team continues to clean up and improve on existing tags as new information or better processes are introduced.

Tag: Tomcat Manager Scanner [Intention: Unknown]

Tags
Roundup
Vulnerabilities