DESCRIPTION LAST UPDATED: 2024-01-08
DEFAULT SEVERITY LEVEL: HIGH
This report identifies hosts that have been observed performing scanning activity against RocketMQ honeypot sensors. This may include reconnaissance attempts by potential attackers, exploitation attempts (including botnets) or researchers scanning for exposed endpoints.
Apache RocketMQ is a popular distributed messaging and streaming platform.
Attacks may include exploitation attempts for CVE-2023-33246/CVE-2023-37582 CVSS 9.8 RCE vulnerabilities. You can find more details in this blog by Juniper. See also DreamBus malware exploits RocketMQ flaw to infect servers.
Track RocketMQ scans seen by us on the Dashboard, for example here. You can also search for specific RocketMQ CVEs being exploited at a given point in time on our Exploited Vulnerabilities daily list. You can also check what devices are scanning RocketMQ by searching for
rocketmq-scan type in our Attacking Devices daily list.
If you receive a report about scans coming from your network/constituency make sure to investigate for possible malware or compromise or other abuse.
Severity levels are described here.
File name: event4_honeypot_rocketmq_scan