Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation
January 10, 2022 recap – The Log4j vulnerabilities represent a complex and high-risk situation for companies across the globe. This open-source component is widely used across many suppliers’ software and services. Because Log4j is a component, the vulnerabilities affect not only applications that use vulnerable libraries, but also any services that use those applications, so customers may not readily know how widespread the issue is in their environment. Customers are encouraged to use scripts and scanning tools to assess their risk and impact. Microsoft has observed attackers using many of the same inventory techniques to locate targets. Sophisticated adversaries (such as nation-state actors) and commodity attackers alike have been observed taking advantage of these vulnerabilities. There is high potential for the expanded use of the vulnerabilities.
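One way to do the inventory the recap recommends is to walk the filesystem and classify every Java archive by its log4j-core manifest version and whether it still ships the JndiLookup class. The script below is an added example, not Microsoft's tooling or code from the post; it assumes archives carry a standard Maven-style manifest (Implementation-Title "Apache Log4j Core"), uses 2.15.0 as the fix threshold for CVE-2021-44228 only, does not open nested archives inside WAR/EAR files, and builds its own constructed sample JARs so it runs offline.

```python
import re
import tempfile
import zipfile
from pathlib import Path

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # class abused in CVE-2021-44228
FIXED = (2, 15, 0)  # first log4j-core release addressing CVE-2021-44228; later advisories raised the bar

def inspect_jar(path):
    """Verdict for one archive: vulnerable, mitigated, patched, review, not-log4j-core or unreadable."""
    try:
        with zipfile.ZipFile(path) as zf:
            has_jndi = JNDI_LOOKUP in zf.namelist()
            version = None
            if "META-INF/MANIFEST.MF" in zf.namelist():
                mf = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
                title = re.search(r"^Implementation-Title:\s*(.+)$", mf, re.M)
                ver = re.search(r"^Implementation-Version:\s*(.+)$", mf, re.M)
                if title and "Log4j Core" in title.group(1) and ver:
                    m = re.search(r"(\d+)\.(\d+)\.(\d+)", ver.group(1))  # betas like 2.0-beta9 -> None
                    version = tuple(int(g) for g in m.groups()) if m else None
    except zipfile.BadZipFile:
        return "unreadable"
    if version is None:  # shaded/fat JARs carry the class without a Log4j manifest: manual review
        return "review" if has_jndi else "not-log4j-core"
    if version >= FIXED:
        return "patched"
    return "vulnerable" if has_jndi else "mitigated"  # deleting JndiLookup.class was the interim fix

def scan_tree(root):
    """Map every .jar/.war/.ear under root to its verdict (nested archives are not opened)."""
    return {str(p): inspect_jar(p) for p in sorted(Path(root).rglob("*"))
            if p.suffix.lower() in (".jar", ".war", ".ear")}

def make_sample_jar(directory, name, title, version, include_jndi):
    """Write a constructed sample archive (not a real Log4j build) for demonstration."""
    with zipfile.ZipFile(path := Path(directory) / name, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n"
                    f"Implementation-Title: {title}\nImplementation-Version: {version}\n")
        if include_jndi:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # placeholder, not real bytecode
    return path

def demo():
    with tempfile.TemporaryDirectory() as d:  # scan constructed samples; returns {filename: verdict}
        make_sample_jar(d, "log4j-core-2.14.1.jar", "Apache Log4j Core", "2.14.1", True)
        make_sample_jar(d, "log4j-core-2.14.1-stripped.jar", "Apache Log4j Core", "2.14.1", False)
        make_sample_jar(d, "log4j-core-2.17.1.jar", "Apache Log4j Core", "2.17.1", True)
        make_sample_jar(d, "app-shaded.jar", "Example App", "1.0.0", True)
        return {Path(p).name: v for p, v in scan_tree(d).items()}
```

Point `scan_tree()` at a real deployment root to get the same verdicts for every archive it finds; anything marked "review" is a shaded or repackaged JAR that needs a manual look because the manifest does not identify the bundled Log4j version.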
In January, we started seeing attackers taking advantage of the vulnerabilities in internet-facing systems, eventually deploying ransomware. We have observed many existing attackers adding …
IoC