PowerPoint Presentation
Common Information

Type                            Value
UUID                            9d02d67e-0747-4dd7-a475-f4539eeb8006
Fingerprint                     962cebb1e56064beaffbb2cc9145b26ac438e86b772bc0678002e231e83589db
Analysis status                 DONE
Considered CTI value            2
Text language
Published                       Dec. 29, 2021, 5:41 p.m.
Added to db                     Feb. 7, 2024, 6:47 p.m.
Last updated                    Aug. 31, 2024, 2:08 a.m.
Headline                        PowerPoint Presentation
Title                           PowerPoint Presentation
Detected Hints/Tags/Attributes  141/3/252
Attributes

Type                                #Events  Value
CVE                                     397  cve-2021-44228
CVE                                       2  cve-2021-45056
CVE                                      41  cve-2021-45105
CVE                                      18  cve-2021-4104
CVE                                      22  cve-2021-44832
CVE                                      67  cve-2021-45046
File                                      4  rmi.obj
File                                      1  cosnaming.obj
File                                     23  xmrig.exe
File                                      1  hackers-exploit-log4j-vulnerability-to.html
File                                      1  log4shell-iocs.txt
File                                      5  vmsa-2021-0028.html
File                                      1  alert-cve-2021-44228.html
File                                      2  migration.html
Github username                          35  neo23x0
Github username                           5  mubix
Github username                           2  nathanqthai
Github username                           3  yfrytchsgd
Github username                           1  swithak
Github username                           1  pravin-pp
Github username                          40  apache
Mandiant Temporary Group Assumption       6  TEMP.BEANIE
MITRE ATT&CK Techniques                 542  T1190
MITRE ATT&CK Techniques                 245  T1203
MITRE ATT&CK Techniques                 695  T1059
MITRE ATT&CK Techniques                 107  T1496
MITRE ATT&CK Techniques                  58  T1498
MITRE ATT&CK Techniques                  67  T1505
MITRE ATT&CK Techniques                 504  T1140
MITRE ATT&CK Techniques                  56  T1553
MITRE ATT&CK Techniques                 460  T1059.001
MITRE ATT&CK Techniques                 472  T1486
MITRE ATT&CK Techniques                  14  T1090.004
MITRE ATT&CK Techniques                  89  T1114
MITRE ATT&CK Techniques                  38  T1550.002
MITRE ATT&CK Techniques                 109  T1210
MITRE ATT&CK Techniques                 176  T1135
MITRE ATT&CK Techniques                 585  T1083
MITRE ATT&CK Techniques                 124  T1482
MITRE ATT&CK Techniques                 440  T1055
MITRE ATT&CK Techniques                 208  T1068
Threat Actor Identifier - APT           194  APT35