ThreatLabz analysis - Log4Shell CVE-2021-44228 Exploit Attempts | Zscaler
Tags
Common Information
| Type | Value |
|---|---|
| UUID | cba52621-d046-459f-8dac-6e3ea216c9cb |
| Fingerprint | a4091cd78d37568e |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 15, 2021, midnight |
| Added to db | Sept. 26, 2022, 9:33 a.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | ThreatLabz analysis - Log4Shell CVE-2021-44228 Exploit Attempts |
| Title | ThreatLabz analysis - Log4Shell CVE-2021-44228 Exploit Attempts | Zscaler |
| Detected Hints/Tags/Attributes | 52/1/44 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 397 | cve-2021-44228 |
|
| Details | Domain | 9 | lh.sh |
|
| Details | Domain | 3 | nazi.uy |
|
| Details | Domain | 4 | lh2.sh |
|
| Details | Domain | 3 | lurchmath.org |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 1 | qloi8d.dnslog.cn |
|
| Details | Domain | 1 | u7911j.dnslog.cn |
|
| Details | Domain | 1 | 90d744e.probe001.log4j.leakix.net |
|
| Details | Domain | 1 | 372d7648.probe001.log4j.leakix.net |
|
| Details | Domain | 1 | 4a3b19ce6368.bingsearchlib.com |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | Domain | 38 | blog.netlab.360.com |
|
| Details | File | 2 | mine.bat |
|
| Details | File | 1 | setup_moneroocean_miner.bat |
|
| Details | File | 1 | 4a3b19ce6368.bin |
|
| Details | File | 3 | analysis-of-kinsing-malwares-use-of-rootkit.html |
|
| Details | Github username | 1 | moneroocean |
|
| Details | md5 | 2 | cf2ce888781958e929be430de173a0f8 |
|
| Details | md5 | 2 | 0579a8907f34236b754b07331685d79e |
|
| Details | md5 | 1 | 3814f201a07cf1a2d5c837c8caeb912f |
|
| Details | md5 | 1 | 40e3b969906c1a3315e821a8461216bb |
|
| Details | md5 | 1 | 6d275af23910c5a31b2d9684bbb9c6f3 |
|
| Details | md5 | 1 | 1348a00488a5b3097681b6463321d84c |
|
| Details | md5 | 3 | 648effa354b3cbaad87b45f48d59c616 |
|
| Details | IPv4 | 6 | 45.137.21.9 |
|
| Details | IPv4 | 10 | 45.155.205.233 |
|
| Details | IPv4 | 11 | 62.210.130.250 |
|
| Details | IPv4 | 2 | 92.242.40.21 |
|
| Details | IPv4 | 5 | 185.191.32.198 |
|
| Details | IPv4 | 3 | 80.71.158.12 |
|
| Details | IPv4 | 1 | 176.32.33.14 |
|
| Details | IPv4 | 2 | 142.44.203.85 |
|
| Details | IPv4 | 1 | 18.185.60.131 |
|
| Details | IPv4 | 1 | 37.233.99.127 |
|
| Details | IPv4 | 1 | 78.31.71.248 |
|
| Details | IPv4 | 1 | 178.62.74.211 |
|
| Details | IPv4 | 1 | 198.152.7.67 |
|
| Details | IPv4 | 1 | 205.185.115.217 |
|
| Details | Url | 3 | http://62.210.130.250/web/admin/x86 |
|
| Details | Url | 1 | https://github.com/moneroocean/xmrig_setup/blob/master/setup_moneroocean_miner.bat |
|
| Details | Url | 1 | https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce |
|
| Details | Url | 3 | https://www.trendmicro.com/en_us/research/20/k/analysis-of-kinsing-malwares-use-of-rootkit.html |
|
| Details | Url | 4 | https://blog.netlab.360.com/threat-alert-log4j-vulnerability-has-been-adopted-by-two-linux-botnets |