Skip to content

peterydzynski/Log4Shell-IOCs

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
README.md
README.md
 
 

Repository files navigation

Log4Shell-IOCs

Members of the Curated Intelligence Trust Group have compiled a list of IOC feeds and threat reports focused on the recent Log4Shell exploit targeting CVE-2021-44228 in Log4j

Indicators of Compromise (IOCs)

Source URL
GreyNoise (1) https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217
GreyNoise (2) https://gist.github.com/nathanqthai/01808c569903f41a52e7e7b575caa890
Malwar3Ninja's GitHub https://github.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-44228/blob/main/Threatview.io-log4j2-IOC-list
Tweetfeed.live by @0xDanielLopez https://twitter.com/0xdaniellopez/status/1470029308152487940?s=21
Azure Sentinel https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/Log4j_IOC_List.csv
URLhaus https://urlhaus.abuse.ch/browse/tag/log4j/
Malware Bazaar https://bazaar.abuse.ch/browse/tag/log4j/
ThreatFox https://threatfox.abuse.ch/browse/tag/log4j/
Cronup https://github.com/CronUp/Malware-IOCs/blob/main/2021-12-11_Log4Shell_Botnets
RedDrip7 https://github.com/RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs
AbuseIPDB Google/Bing Dorks site:abuseipdb.com "log4j", site:abuseipdb.com "log4shell"
CrowdSec https://gist.github.com/blotus/f87ed46718bfdc634c9081110d243166
Andrew Grealy, CTCI https://docs.google.com/spreadsheets/d/e/2PACX-1vT1hFu_VlZazvc_xsNvXK2GJbPBCDvhgjfCTbNHJoP6ySFu05sIN09neV73tr-oYm8lo42qI_Y0whNB/pubhtml#
Bad Packets https://twitter.com/bad_packets/status/1469225135504650240

Threat Reports

Source Threat URL
@GelosSnake Kinsing https://twitter.com/GelosSnake/status/1469341429541576715
@an0n_r0 Kinsing https://twitter.com/an0n_r0/status/1469420399662350336?s=20
@zom3y3 Muhstik https://twitter.com/zom3y3/status/1469508032887414784
360 NetLab Mirai, Muhstik https://blog.netlab.360.com/threat-alert-log4j-vulnerability-has-been-adopted-by-two-linux-botnets/
MSTIC Cobalt Strike https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
Cronup Kinsing, Katana-Marai, Tsunami-Mirai https://twitter.com/1zrr4h/status/1469734728827904002?s=21
Cisco Talos Kinsing, Mirai https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html
Profero Kinsing https://medium.com/proferosec-osm/log4shell-massive-kinsing-deployment-9aea3cf1612d
CERT.ch Kinsing, Mirai, Tsunami https://www.govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/
IronNet Mirai, Cobalt Strike https://www.ironnet.com/blog/log4j-new-software-supply-chain-vulnerability-unfolding-as-this-holidays-cyber-nightmare

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published