log4shell_ioc_ips icon indicating copy to clipboard operation
log4shell_ioc_ips copied to clipboard

verified publisher icon hackinghippo

Metadata

log4j / log4shell IoCs from multiple sources put together in one big file (IPs) more coming soon (CVE-2021-44228)

j4shell_ioc_ips

big dump from known log4j/log4shell malicious ip adresses unique and sorted update once a hour only if changes were made! (CVE-2021-44228) happy hunting

disclaimer

This script is parsing a lot of Source so this list maybe has a lot of false positives don't block all ips in your firewall!

ToDo:

  • add Whitelist [ONGOING]
  • better regex exclude local ip adresses [X]
  • add support for domains []

sources:

  • https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217
  • https://github.com/Akikazuu/Apache-Log4j-RCE-Attempt
  • https://github.com/RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs
  • https://gist.github.com/ycamper/26e021a2b5974049d113738d51e7641d
  • https://github.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-44228/blob/main/Threatview.io-log4j2-IOC-list
  • https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/Log4j_IOC_List.csv
  • https://github.com/CronUp/Malware-IOCs/blob/main/2021-12-11_Log4Shell_Botnets
  • https://gist.github.com/blotus/f87ed46718bfdc634c9081110d243166
  • https://tweetfeed.live/search.html
  • https://raw.githubusercontent.com/CriticalPathSecurity/Public-Intelligence-Feeds/master/log4j.txt
  • https://raw.githubusercontent.com/CriticalPathSecurity/Zeek-Intelligence-Feeds/master/log4j_ip.intel
  • https://raw.githubusercontent.com/CriticalPathSecurity/Public-Intelligence-Feeds/master/log4j.txt
  • https://urlhaus.abuse.ch/browse/tag/log4j/
  • https://threatfox.abuse.ch/browse/tag/CVE-2021-44228/ ( and log4j)
  • https://github.com/threatmonit/Log4j-IOCs
  • https://raw.githubusercontent.com/eromang/researches/main/CVE-2021-44228/README.md
  • https://github.com/Humoud/log4j_payloads
  • https://gist.github.com/yt0ng/8a87f4328c8c6cde327406ef11e68726
  • https://github.com/LogRhythm-Labs/log4Shell
  • https://github.com/guardicode/CVE-2021-44228_IoCs
  • https://github.com/bengisugun/Log4j-IOC
  • https://github.com/shnoogie/log4j_ioc
  • https://github.com/vul-log/log4j_iocs
  • https://github.com/threatmonit/Log4j-IOCs
  • https://github.com/aojald/LOG4J_IOC
  • https://github.com/josephinetanadi/log4j-ioc-merge
  • https://github.com/russelr46/IOC_log4j_apache
  • https://github.com/prodigyak/Log4j-Wireshark-IOC-filter
  • https://github.com/valtix-security/Log4j-Indicators-of-Compromise
  • https://github.com/curated-intel/Log4Shell-IOCs
  • https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs

Metadata

36
Stars
12
Forks
Watchers

Owner

verified publisher icon hackinghippo

Metadata

log4j / log4shell IoCs from multiple sources put together in one big file (IPs) more coming soon (CVE-2021-44228)

Back