Simple question, These log entries have started appearing daily on our Sonicwall, I have never seen anything like them before. My initial thoughts are that it's yet another bot out there searching for vulnerabilities, any insight you might have is appreciated, specifically what it is that they might be trying to exploit
Sonicwall Firmware: SonicOS Enhanced 6.5.4.9-92n
Logs in CSV:
AuditID Transaction_Id Time Audit_Path group Index Description Old New Status UUID User Session Mode Source Dest Interface
0 1 18:24:42 Jan 05 2022 Download file /scripts/cgi-bin/cbag/ag.exe Failed 146.70.38.12 (36825) <our external address> (700) X1
1 2 18:24:48 Jan 05 2022 Download file grn.exe Failed 146.70.38.12 (44723) <our external address> (700) X1
2 3 18:24:50 Jan 05 2022 Download file ag.exe Failed 146.70.38.12 (50973) <our external address> (700) X1
3 4 18:24:54 Jan 05 2022 Download file /cgi-bin/cbag/ag.exe Failed 146.70.38.12 (55745) <our external address> (700) X1
4 5 18:24:56 Jan 05 2022 Download file db.exe Failed 146.70.38.12 (39315) <our external address> (700) X1
5 6 18:24:58 Jan 05 2022 Download file mw.exe Failed 146.70.38.12 (37489) <our external address> (700) X1
6 7 18:25:20 Jan 05 2022 Download file /scripts/cgi-bin/cbag/ag.exe Failed 146.70.38.12 (60097) <our external address> (85) X1
7 8 18:25:22 Jan 05 2022 Download file grn.exe Failed 146.70.38.12 (44205) <our external address> (85) X1
8 9 18:25:23 Jan 05 2022 Download file ag.exe Failed 146.70.38.12 (59829) <our external address> (85) X1
9 10 18:25:25 Jan 05 2022 Download file /cgi-bin/cbag/ag.exe Failed 146.70.38.12 (51061) <our external address> (85) X1
10 11 18:25:25 Jan 05 2022 Download file db.exe Failed 146.70.38.12 (35567) <our external address> (85) X1
11 12 18:25:26 Jan 05 2022 Download file mw.exe Failed 146.70.38.12 (39315) <our external address> (85) X1
