【12.14更新】Apache Log4j2 (CVE-2021-44228) 漏洞相关攻击IOC全披露

【12.14更新】Apache Log4j2 (CVE-2021-44228) 漏洞相关攻击IOC全披露
2021-12-15 01:16:37 Author: mp.weixin.qq.com(查看原文) 阅读量:46 收藏

Apache Log4j2 (CVE-2021-44228)漏洞的利用呈加剧趋势，奇安信威胁情报中心将收集持续整理IOC供安全社区使用。

本文中给出的IOCs均为12月14日新增。更多详情见奇安信威胁情报中心历史发布：

12月12日: Apache Log4j2 (CVE-2021-44228)漏洞相关攻击IOC全披露

12月13日: 【更新】Apache Log4j2 (CVE-2021-44228)漏洞相关攻击IOC全披露

我们创建的Github项目https://github.com/RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs也会同步更新，最新的数据可直接从Github库获取。

利用log4j漏洞传播的Botnet等恶意程序的IOC：

HASH	843413de774035248d597941839e3b82
HASH	1e051111c4cf327775dc3bab4df4bf85
HASH	20df80b56b1b6ffc8ca49f8ad3ab7b81
HASH	1cf9b0571decff5303ee9fe3c98bb1f1
HASH	d766bd832973a991c5894a3521c9815e
HASH	c6e8e6bb0295437fb790b1151a1b107e
HASH	a191dbc673dc3d5eb1c4736a8278ca57
HASH	194db367fbb403a78d63818c3168a355
HASH	c01383125df1ecbc5bb85249a57e764c
HASH	6ddd9abdd8775b9e1341861fe13fc10a
HASH	844864c45816b10356b730f450bd7037
HASH	18cc66e29a7bc435a316d9c292c45cc6
HASH	ab80c03c460bd3d6a631fd0cedddef49
HASH	51e052eb6032d11b3093fecb901870ea
HASH	e6872486aa6eed9309d787637c287cae
HASH	1780d9aaf4c048ad99fa93b60777e3f9
HASH	f8ed43117dfb995f4b9d88f566394ba4
HASH	6cead82e17c2dacbb83998cfe3841704
HASH	163e03b99c8cb2c71319a737932e9551
HASH	c8ba8bcfd8f068a19b89f112e80a9e56
HOST_PORT_URL	http://93.189.42.8/kinsing
HOST_PORT_URL	http://93.189.42.8/lh.sh
HOST_PORT_URL	http://193.3.19.159/logme.class
HOST_PORT_URL	http://45.130.229.168/exploit.class
HOST_PORT_URL	http://164.52.212.196:88/log
HOST_PORT_URL	http://164.52.212.196:88/st.vbs
HOST_PORT_URL	http://45.130.229.168:9999/exploit.class
HOST_PORT_URL	http://164.52.212.196:88/11.bat
HOST_PORT_URL	http://31.220.58.29/exploit0.class
HOST_PORT_URL	http://164.52.212.196/
HOST_PORT_URL	http://164.52.212.196:88/Jamf.ps1
HOST_PORT_URL	http://80.71.158.12/exploit69ogqnsqyz.class
HOST_PORT_URL	http://164.52.212.196:88/je
HOST_PORT_URL	http://164.52.212.196/logback.exe
HOST_PORT_URL	http://31.220.58.29/exploit.class
HOST_PORT_URL	http://164.52.212.196:88/
HOST_PORT_URL	http://164.52.212.196/1.jpg
HOST_PORT_URL	http://164.52.212.196:88/logc
HOST_PORT_URL	http://164.52.212.196:88/eth.jpg
HOST_PORT_URL	http://146.112.61.110/exploit.class
HOST_PORT_URL	http://31.220.58.29/foo.class
HOST_PORT_URL	http://164.52.212.196:88/1.jpg
HOST_PORT_URL	http://164.52.212.196/config.jpg
HOST_PORT_URL	http://164.52.212.196/eth.jpg
HOST_PORT_URL	http://164.52.212.196/st.sh
HOST_PORT_URL	http://45.130.229.168:1389/exploit.class
HOST_PORT_URL	http://164.52.212.196:88/s.ps1
HOST_PORT_URL	http://164.52.212.196/je
HOST_PORT_URL	http://164.52.212.196/st.vbs
HOST_PORT_URL	http://164.52.212.196:88/logback.exe
HOST_PORT_URL	http://164.52.212.196:88/config.json
HOST_PORT_URL	http://164.52.212.196/LogBack.exe
HOST_PORT_URL	http://164.52.212.196:88/sys.ps1
HOST_PORT_URL	http://164.52.212.196:88/config.jpg
HOST_PORT_URL	http://164.52.212.196/sys.ps1
HOST_PORT_URL	http://164.52.212.196:88/st.sh
IP_PORT	3.85.59.114:1389
IP_PORT	205.185.115.217:47324
IP_PORT	66.23.227.195:1389
IP_PORT	45.146.164.160:1389
IP_PORT	139.59.175.247:1389
IP_PORT	45.155.205.233:1389
IP_PORT	193.3.19.159:53
IP_PORT	139.162.20.98:1389
IP_PORT	194.163.133.36:1389
IP_PORT	80.71.158.44:1534
IP_PORT	92.242.40.21:5557
IP_PORT	141.105.65.94:9999
IP_PORT	167.172.44.255:389
IP_PORT	81.30.157.43:1389
IP_PORT	134.209.163.248:389
IP_PORT	163.172.157.143:1389
IP_PORT	167.172.44.255:1389
IP_PORT	79.172.214.11:1389
IP_PORT	154.82.110.5:25009
IP_PORT	195.54.160.149:12344
IP_PORT	62.182.158.156:1389
IP_PORT	185.244.158.212:9080
IP_PORT	67.205.191.102:1389
IP_PORT	154.82.110.5:1234
IP_PORT	185.250.148.157:1389
IP_PORT	139.59.175.247:1099
IP_PORT	5.255.97.172:1389
IP_PORT	45.146.164.160:8081

点击阅读原文至RedDrip GitHub项目获取更多IOCs

文章来源: http://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247498038&idx=1&sn=2334edd781f2a9f5f1bee458e6825039&chksm=ea660e41dd11875713e0e89ba588cee0154ac7c52f2965142b3bc0f0fc5b99a2b8e12bb13a4c#rd
如有侵权请联系:admin#unsafe.sh