ioc[.]one - OSINT Cyber Threat Intelligence Database

Log4j Attacks - A Week in Review

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Dns - T1071.004 Dns - T1590.002 Exploits - T1587.004 Exploits - T1588.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006

Show in Graph

Common Information

Type	Value
UUID	6699319d-deee-49ee-8c59-4be481026a9c
Fingerprint	a48709d9c83026c7
Analysis status	DONE
Considered CTI value	2
Text language
Published	Dec. 20, 2021, midnight
Added to db	Aug. 31, 2024, 2:53 a.m.
Last updated	Nov. 17, 2024, 6:53 p.m.
Headline	Log4j Attacks - A Week in Review
Title	Log4j Attacks - A Week in Review
Detected Hints/Tags/Attributes	44/2/52

Source URLs

	Redirection	Url
Details	Source	https://www.lacework.com/blog/log4j-attacks-a-week-in-review

URL Provider

Details	Provider	Source level domain
Details	lacework.com	www.lacework.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	326	✔	Lacework Blog	https://www.lacework.com/lacework_blog.xml	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CVE	397	cve-2021-44228
Details	CVE	67	cve-2021-45046
Details	Domain	1	l4j.p5k9q4p8cdf6n8wv0fw73jqut.canarytokens.com
Details	Domain	1	jndi.sh
Details	Domain	4	lh2.sh
Details	Domain	9	lh.sh
Details	Domain	13	libsystem.so
Details	Domain	1	stlalive.sh
Details	Domain	1	stl.sh
Details	sha256	1	af997593d2df937f8295976d99a2779b9b8fab58cf2b572651d4144c3ae030ea
Details	sha256	6	6e25ad03103a1a972b78c642bac09060fa79c460011dc5748cbb433cc459938b
Details	sha256	2	2fbc3b9421bc770831a724d9e467c7dbc220dc41c0ca21d33a45893be4ff82d4
Details	sha256	4	a3f72a73e146834b43dab8833e0a9cfee6d08843a4c23fdf425295e53517afce
Details	sha256	4	63d43e5b292b806e857470e53412310ad7103432ba3390ecd4f74e432530a8a9
Details	sha256	6	c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a
Details	sha256	4	e20806791aeae93ec120e728f892a8850f624ce2052205ddb3f104bbbfae7f80
Details	sha256	4	b55ddbaee7abf1c73570d6543dd108df0580b08f730de299579570c23b3078c0
Details	sha256	1	a290b6f956ecdb3d2d2019088f0b01a93a9f680c82a4680c0fb87eb5e3e64897
Details	sha256	4	5c46098887e488d91f42c6d9b93b17b2736c9f4cb5a4a1e476c87c0d310a3f28
Details	sha256	4	715f1f821d028e165bfa750d73505f1a6136184999411300cc88c18ebfa6e8f7
Details	sha256	1	d050b27779d9090dcd3ca5bdae6343cfa3aac1b5cd55c032cb13fab26cbb06b8
Details	sha256	1	ef11c120fab2129fce6dddb8b007102ef98281e11864386ff09c179c58d1dfe0
Details	sha256	1	caf8f47fde4f20e134af0ee93dff4d70086ec4912e85a5dc5c09fbd6ae66b96b
Details	sha256	1	56353abdfd74916b32b114e4f0e310a9d1b197a803bb8e37fd43c7134cd53b6b
Details	sha256	1	acf011a715b535dc75e3ae56fbf9622b3a8952f6eaf34dbd0e33fbb5c8bb35be
Details	sha256	4	c38f0f809a1d8c50aafc2f13185df1441345f83f6eb4ef9c48270b9bd90c6799
Details	sha256	4	39db1c54c3cc6ae73a09dd0a9e727873c84217e8f3f00e357785fba710f98129
Details	sha256	4	19370ef36f43904a57a667839727c09c50d5e94df43b9cfb3183ba766c4eae3d
Details	sha256	5	6370939d4ff51b934b7a2674ee7307ed06111ab3b896a8847d16107558f58e5b
Details	sha256	4	3f6120ca0ff7cf6389ce392d4018a5e40b131a083b071187bf54c900e2edad26
Details	IPv4	2	142.44.203.85
Details	IPv4	1	45.83.64.1
Details	IPv4	1	135.125.217.87
Details	IPv4	2	92.242.40.21
Details	IPv4	1	82.118.18.201
Details	IPv4	1	80.71.158.44
Details	IPv4	1	194.40.243.149
Details	IPv4	11	62.210.130.250
Details	IPv4	1	152.67.63.150
Details	IPv4	1	155.94.154.170
Details	IPv4	5	185.191.32.198
Details	IPv4	1	14.215.128.148
Details	Url	1	http://135.125.217.87/jndi.sh
Details	Url	1	http://92.242.40.21/lh2.sh
Details	Url	1	http://82.118.18.201/lh.sh
Details	Url	1	http://80.71.158.44/lh.sh
Details	Url	1	http://194.40.243.149/lh.sh
Details	Url	3	http://62.210.130.250/lh.sh
Details	Url	1	http://152.67.63.150
Details	Url	1	http://155.94.154.170/aaa
Details	Url	1	http://185.191.32.198
Details	Url	1	http://14.215.128.148