Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs

Public IoCs about log4j CVE-2021-44228

log4j (log4shell) CVE-2021-44228 Public IoCs list

Public IoCs about log4j CVE-2021-44228 (log4shell) based on Twitter and others social networks (pull requests accepted, I remove duplicates automatically)

IPs

• https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs/raw/main/ips.txt

Callbacks domains

• https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs/raw/main/callbacks-domains.txt

Hashes (binaries)

• https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs/raw/main/hashes-binaries.txt

Hashes for vulnerable log4j versions available here

• https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes

Payloads detected list available here

• https://gist.github.com/nathanqthai/01808c569903f41a52e7e7b575caa890

Yara rule (work in progress)

• https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs/blob/main/yara-rule.yar

---

IoCs Sources (sources used to create my own lists above)

• https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b
• https://github.com/axelmorningstar/log4j
• https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217
• https://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds/blob/master/log4j_ip.intel
• https://gist.github.com/superducktoes/9b742f7b44c71b4a0d19790228ce85d8
• https://github.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-44228/blob/main/Threatview.io-log4j2-IOC-list
• https://github.com/eshlomo1/Azure-Sentinel-4-SecOps/blob/master/Hunting/CVE-2021-44228-Logshell/log4j-ioc-list.csv
• https://raw.githubusercontent.com/guardicode/CVE-2021-44228_IoCs/main/iocs.csv
• https://github.com/Orange-Cyberdefense/log4shell_iocs
• Tweets from various users

Here is a tool to detect attemps

• https://github.com/Neo23x0/log4shell-detector

Actual Log4j impact on manufacturers and components summary from the Internet community

• https://github.com/YfryTchsGD/Log4jAttackSurface
• https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592