hackinghippo/log4shell_ioc_ips

log4j / log4shell IoCs from multiple sources put together in one big file (IPs) more coming soon (CVE-2021-44228)

j4shell_ioc_ips

big dump from known log4j/log4shell malicious ip adresses unique and sorted update once a hour only if changes were made! (CVE-2021-44228) happy hunting

disclaimer

This script is parsing a lot of Source so this list maybe has a lot of false positives don't block all ips in your firewall!

ToDo:

• add Whitelist [ONGOING]
• better regex exclude local ip adresses [X]
• add support for domains []

sources:

• https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217
• https://github.com/Akikazuu/Apache-Log4j-RCE-Attempt
• https://github.com/RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs
• https://gist.github.com/ycamper/26e021a2b5974049d113738d51e7641d
• https://github.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-44228/blob/main/Threatview.io-log4j2-IOC-list
• https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/Log4j_IOC_List.csv
• https://github.com/CronUp/Malware-IOCs/blob/main/2021-12-11_Log4Shell_Botnets
• https://gist.github.com/blotus/f87ed46718bfdc634c9081110d243166
• https://tweetfeed.live/search.html
• https://raw.githubusercontent.com/CriticalPathSecurity/Public-Intelligence-Feeds/master/log4j.txt
• https://raw.githubusercontent.com/CriticalPathSecurity/Zeek-Intelligence-Feeds/master/log4j_ip.intel
• https://raw.githubusercontent.com/CriticalPathSecurity/Public-Intelligence-Feeds/master/log4j.txt
• https://urlhaus.abuse.ch/browse/tag/log4j/
• https://threatfox.abuse.ch/browse/tag/CVE-2021-44228/ ( and log4j)
• https://github.com/threatmonit/Log4j-IOCs
• https://raw.githubusercontent.com/eromang/researches/main/CVE-2021-44228/README.md
• https://github.com/Humoud/log4j_payloads
• https://gist.github.com/yt0ng/8a87f4328c8c6cde327406ef11e68726
• https://github.com/LogRhythm-Labs/log4Shell
• https://github.com/guardicode/CVE-2021-44228_IoCs
• https://github.com/bengisugun/Log4j-IOC
• https://github.com/shnoogie/log4j_ioc
• https://github.com/vul-log/log4j_iocs
• https://github.com/threatmonit/Log4j-IOCs
• https://github.com/aojald/LOG4J_IOC
• https://github.com/josephinetanadi/log4j-ioc-merge
• https://github.com/russelr46/IOC_log4j_apache
• https://github.com/prodigyak/Log4j-Wireshark-IOC-filter
• https://github.com/valtix-security/Log4j-Indicators-of-Compromise
• https://github.com/curated-intel/Log4Shell-IOCs
• https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs