Log4j-Indicators-of-Compromise

Log4j indicators of compromise (IOCs)

The Valtix security research team wanted to enrich and disseminate Log4j IOCs for the security community as we move into the holidays.

The provided IOCs are sourced from internal Valtix honeypots and through aggregating open-source feeds created by others in the community.

Valtix Log4Shell Observations Blog Post (1):

• https://valtix.com/blog/log4shell-observations/

Valtix Log4Shell Observations Blog Post (2):

• https://valtix.com/blog/log4shell-observations-two/

Valtix Log4Shell Demo: Attack, Detection & Mitigation:

• https://valtix.com/blog/virtual-patch-log4j/

Primary OSINT sources:

• https://github.com/curated-intel/Log4Shell-IOCs
• https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217
• https://github.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-44228/blob/main/Threatview.io-log4j2-IOC-list
• https://raw.githubusercontent.com/RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs/main/Attack-IP.md
• https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/Log4j_IOC_List.csv
• https://gist.github.com/blotus/f87ed46718bfdc634c9081110d243166
• https://www.dan.me.uk/
• https://hominido.medium.com/iocs-para-log4shell-rce-0-day-cve-2021-44228-98019dd06f35
• https://cert-agid.gov.it/download/log4shell-iocs.txt
• https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/700/original/Dec1521IOCs.txt?1639683730
• https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/702/original/IOCs_20211217.txt?1639778427