CVE-2021-44228 PoC — Apache Log4j 代码问题漏洞

Source

https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs

Associated Vulnerability

Title:Apache Log4j 代码问题漏洞 (CVE-2021-44228)
Description:Apache Log4j是美国阿帕奇（Apache）基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞，攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器，当该请求被打印成日志时就会触发远程代码执行。

Description

Public IoCs about log4j CVE-2021-44228

Readme

# log4j (log4shell) CVE-2021-44228 Public IoCs list

Public IoCs about log4j CVE-2021-44228 (log4shell) based on Twitter and others social networks (pull requests accepted, I remove duplicates automatically)

## IPs

* https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs/raw/main/ips.txt

## Callbacks domains

* https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs/raw/main/callbacks-domains.txt

## Hashes (binaries)

* https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs/raw/main/hashes-binaries.txt

## Hashes for vulnerable log4j versions available here

* https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes

## Payloads detected list available here

* https://gist.github.com/nathanqthai/01808c569903f41a52e7e7b575caa890

## Yara rule (work in progress)

* https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs/blob/main/yara-rule.yar

---

#### IoCs Sources (sources used to create my own lists above)

* https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b
* https://github.com/axelmorningstar/log4j
* https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217
* https://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds/blob/master/log4j_ip.intel
* https://gist.github.com/superducktoes/9b742f7b44c71b4a0d19790228ce85d8
* https://github.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-44228/blob/main/Threatview.io-log4j2-IOC-list
* https://github.com/eshlomo1/Azure-Sentinel-4-SecOps/blob/master/Hunting/CVE-2021-44228-Logshell/log4j-ioc-list.csv
* https://raw.githubusercontent.com/guardicode/CVE-2021-44228_IoCs/main/iocs.csv
* https://github.com/Orange-Cyberdefense/log4shell_iocs
* Tweets from various users

#### Here is a tool to detect attemps

* https://github.com/Neo23x0/log4shell-detector

#### Actual Log4j impact on manufacturers and components summary from the Internet community

* https://github.com/YfryTchsGD/Log4jAttackSurface
* https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

File Snapshot


 [4.0K]  /data/pocs/8333aa8a77c8b564d2a8e2776f684b41580f7140
├── [ 55K]  callbacks-domains.txt
├── [2.1K]  hashes-binaries.txt
├── [ 45K]  ips.txt
├── [1.9K]  README.md
└── [7.1K]  yara-rule.yar

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!