Closing GeyNoise Ukraine Only case

15 Aug 2022 - Frank Breedijk

GreyNoise published a “free, public, unauthenticated, self-updating feed of all IPs that are exclusively targeting devices geographically located in Ukraine’s IP space with scans, exploits, etc.” We first became aware of it via a tweet from GreyNoise founder Andrew Morris. We feel that in these times, network administrators should be aware of these IP addresses even if they are unaware of the services of GreyNoise.

GreyNoise siltently stopped updating the API after 1 Aug 2022. THerefore we closed this case on 15 Aug 2022.

Overall we set 5698 notifications to owners of the IP addresses that appeared on this list. We have plotted them by the date they first hit the honeypots in the graph below.

Graph of IP addresses, colored by provider, that execusively his GreyNoise honeypots in Ukraine.

You can also interact with this graph on Google Data Studio

All the case details can be found on DIVD-2022-00014

Last modified: 18 Jan 2023 13:28 CET