Log4Shell IOCs | Log4j Threat Report List


Project address

github.com/curated-intel/Log4Shell-IOCs

Indicator-of-compromise list details

Members of the Curated Intelligence Trust Group have compiled a list of IOC feeds and threat reports focused on the recent Log4Shell exploitation of CVE-2021-44228 in Log4j.

Analyst comments:

  • LOW-TO-MEDIUM CONFIDENCE: we strongly advise against adding the IOCs shared by these feeds to block lists.
  • They can be used for THREAT HUNTING and can be added to a WATCHLIST.
  • Curated Intel members from various organisations recommend a FOCUS ON POST-EXPLOITATION ACTIVITY by threats that exploit Log4Shell (e.g. threat actors, botnets).
  • IOCs include JNDI requests (LDAP, but also DNS and RMI), cryptominers, DDoS bots, and Meterpreter or Cobalt Strike.
  • Key IOCs to monitor also include attacks that exfiltrate environment variables (e.g. keys or tokens) over DNS – see here

Indicators of Compromise (IOCs)

Source | URL
GreyNoise (1) | https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217
Malwar3Ninja's GitHub | https://github.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-44228/blob/main/Threatview.io-log4j2-IOC-list
Tweetfeed.live by @0xDanielLopez | https://twitter.com/0xdaniellopez/status/1470029308152487940?s=21
Azure Sentinel | https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/Log4j_IOC_List.csv
URLhaus | https://urlhaus.abuse.ch/browse/tag/log4j/
Malware Bazaar | https://bazaar.abuse.ch/browse/tag/log4j/
ThreatFox | https://threatfox.abuse.ch/browse/tag/log4j/
Cronup | https://github.com/CronUp/Malware-IOCs/blob/main/2021-12-11_Log4Shell_Botnets
RedDrip7 | https://github.com/RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs
AbuseIPDB | Google/Bing dorks: site:abuseipdb.com "log4j", site:abuseipdb.com "log4shell"
CrowdSec | https://gist.github.com/blotus/f87ed46718bfdc634c9081110d243166
Andrew Grealy, CTCI | https://docs.google.com/spreadsheets/d/e/2PACX-1vT1hFu_VlZazvc_xsNvXK2GJbPBCDvhgjfCTbNHJoP6ySFu05sIN09neV73tr-oYm8lo42qI_Y0whNB/pubhtml#
Bad Packets | https://twitter.com/bad_packets/status/1469225135504650240
NCSC-NL | https://github.com/NCSC-NL/log4shell/tree/main/iocs
Costin Raiu, Kaspersky | https://twitter.com/craiu/status/1470341085734051840?s=21
Kaspersky | https://securelist.com/cve-2021-44228-vulnerability-in-apache-log4j-library/105210/
SANS Internet Storm Center | https://isc.sans.edu/diary/Log4Shell+exploited+to+implant+coin+miners/28124

Threat Reports

Source | Threat | URL
@GelosSnake | Kinsing | https://twitter.com/GelosSnake/status/1469341429541576715
@an0n_r0 | Kinsing | https://twitter.com/an0n_r0/status/1469420399662350336?s=20
@zom3y3 | Muhstik | https://twitter.com/zom3y3/status/1469508032887414784
360 NetLab (1) | Mirai, Muhstik | https://blog.netlab.360.com/threat-alert-log4j-vulnerability-has-been-adopted-by-two-linux-botnets/
MSTIC | Cobalt Strike | https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
Cronup | Kinsing, Katana-Mirai, Tsunami-Mirai | https://twitter.com/1zrr4h/status/1469734728827904002?s=21
Cisco Talos | Kinsing, Mirai | https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html
Profero | Kinsing | https://medium.com/proferosec-osm/log4shell-massive-kinsing-deployment-9aea3cf1612d
CERT.ch | Kinsing, Mirai, Tsunami | https://www.govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/
IronNet | Mirai, Cobalt Strike | https://www.ironnet.com/blog/log4j-new-software-supply-chain-vulnerability-unfolding-as-this-holidays-cyber-nightmare
@80vul | New ransomware | https://twitter.com/80vul/status/1470272820571963392
@Laughing_Mantis | Log4j worm | https://twitter.com/Laughing_Mantis/status/1470168079137067008
Lacework | Kinsing, Mirai | https://www.lacework.com/blog/lacework-labs-identifies-log4j-attackers/
360 NetLab (2) | Muhstik, Mirai, BillGates, XMRig, m8220, SitesLoader, Meterpreter | https://blog.netlab.360.com/ten-families-of-malicious-samples-are-spreading-using-the-log4j2-vulnerability-now/
Trend Micro | Cobalt Strike, Kirabash, Swrort, Kinsing, Mirai | https://www.trendmicro.com/en_us/research/21/l/patch-now-apache-log4j-vulnerability-called-log4shell-being-acti.html

Payload Samples

Source | URL
GreyNoise (2) | https://gist.github.com/nathanqthai/01808c569903f41a52e7e7b575caa890
Cloudflare | https://blog.cloudflare.com/actual-cve-2021-44228-payloads-captured-in-the-wild/
yt0ng | https://gist.github.com/yt0ng/8a87f4328c8c6cde327406ef11e68726
eromang | https://github.com/eromang/researches/tree/main/CVE-2021-44228
VX-Underground | https://samples.vx-underground.org/samples/Families/Log4J%20Malware/

Appendix: list of malicious attacker IPs and domains

https://www.ddosi.org/log4j.html

log4j-IOCs: indicator-of-compromise summary
