Blog

Tag: Scanning

All Product Updates Technical Articles Threat/Vulnerability News

ELLIO threat intelligence dashboard showing IP 178.16.53.51 flagged as malicious Mirai botnet from Amsterdam, with timeline of exploit attempts and port scanning activity detected between March 22-24, 2026.

[watchdog]: Inside a Mirai variant with six-layer persistence

An open directory is serving a Mirai variant across 14 CPU architectures - all updated yesterday. It kills competitors by SHA256 hash, persists through six layers, and hides as a kernel thread. Here's what's inside.

ELLIO Threat Research Lab · Mar 31, 2026

Screenshot of ELLIO threat intelligence interface showing malicious Docker API exploits from IPs 45.156.87.4 and 187.86.243.141, with security indicators and threat classification tags

#CVE #Scanning

Threat/Vulnerability News

What Gets Deployed via Exposed Docker APIs

Over 1,000 unique IPs scan for exposed Docker APIs every day. A fraction go further. We captured every container creation payload and classified them by monetization strategy.

ELLIO Threat Research Lab · Mar 26, 2026

ELLIO threat intelligence dashboard showing IP 93.123.109.205 from Amsterdam marked as malicious, with MITRE ATT&CK tactics, CVE vulnerabilities, and various exploit detectors including Setup.php, Jenkins, and SQL injection

#Network Fingerprints #Scanning #IP Blocking

Threat/Vulnerability News

Analyze everything or move straight to network-level blocking?

One IP. Four days. Nearly 900 user agents. Over 3,000 probes. Sometimes a single IP address tells you everything you need to know about how industrialized internet scanning has become.

ELLIO Community Team · Mar 16, 2026