EXPL_Log4j_CVE_2021_44228_JAVA_Exception_Dec21_1

Rule Info

Name
EXPL_Log4j_CVE_2021_44228_JAVA_Exception_Dec21_1
Minimum Yara
1.7
Date
2021-12-12
Description
Detects exceptions found in server logs that indicate an exploitation attempt of CVE-2021-44228
Reference
https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b
Author
Florian Roth
Rule Hash
99418a995017234d54a0f00d8eb5328e
Tags
['CVE_2021_44228', 'EXPLOIT', 'DEMO']
Score
60
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/expl_log4j_cve_2021_44228_java_exception_dec21_1/comments
Community Rule
https://github.com/Neo23x0/signature-base/search?q=EXPL_Log4j_CVE_2021_44228_JAVA_Exception_Dec21_1

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
11
Suspicious (< 10 engines)
4
Clean (0 engines)
13

Rule Matches

Hash
Timestamp
Total
Positives
VT
6e26216c740351f5460a2f51b4676606d572fd3012f57fb9e154a34d9242d6ea
2023-05-30 23:06:41
60
12
dd8f7f31f2e17ef4075f2c3b5b696a2bb569a147e470d30002d8b38996b794a4
2023-03-28 11:54:44
59
6
6816a426ca7e0fbbb6c557457652881ce5cd72b3209489f7c1cfb72838badb9a
2023-03-28 01:40:36
56
11
e3dcafd30dc42ccbd9d2726b5ab4bc14318efcee43e9d011bf9ec114458834d9
2023-03-02 00:19:09
58
12
d922aa2a31017041c40485dc4138ef90219caaf9df96cb405eacd1f218608916
2023-02-28 13:45:25
59
0
12c80092e7df5c4cf295eadeb12a713bd791372dad2e3677f04a1676fb2b9779
2023-02-24 19:05:35
62
12
9574d33d7ee275bcd2cc7e0edf3fda23938090d9f71270c0aa2b9d94b2d590bb
2023-02-20 16:05:53
60
21
f5fd086328223ca9bc3e5ebe3dc1f6f3e8a8bc4c9113627e397bd782abe36638
2023-02-18 22:21:07
60
27
1dd396870970e847b0d2cd08a8eb07b1b8a3b65a7176063a49832ddd5ba02022
2023-02-03 09:08:55
60
0
a88ca01278a9243c71774da4e4ca446da4efa402af43eac25eea35b30d42bc2c
2022-12-19 20:19:00
61
11
6b83456ea58c909e27dc031842f174d3f1ebbc93f61b977ee6fa722ad0d80fa1
2022-12-13 06:01:52
61
11
73aaa4dfdfba6734dce8ebf86b6338679cdcd2a66646148535e89de48f555b1b
2022-10-14 21:26:40
61
14
a5cd18869892e5af2f62afe57f1c182af17f75bab02cfb2716ef5d61255549cf
2022-10-03 15:16:33
59
10
f493a448b7aca13f60871faa13cf6a187143ba0238eded7dd61e1597c6fff972
2022-10-03 14:38:48
60
15
73d93ffab80eb4358268a1784dba66224fc96fa23b26a65f9201bf631e82c7fe
2022-04-21 16:10:51
57
0
fe5079e3f6b3a8318d1967fa3e1b9191a2dd7e41156a396db3770042be6fe83e
2022-04-01 20:06:45
57
7
ef4106acce94a5ef99148b2a593df2f591dc85ccd86e393b62416ec6d1a670fb
2022-03-25 21:08:02
57
3
13160edab74cc2dd34653920d4bf56e487fea2fd6adf8249e0be9215ced902b4
2022-03-18 19:06:42
57
1
93e28865847475be9c05017421ffbb122a05ee973c25d1639e7f8bf55fc6bd0c
2022-03-10 20:56:43
55
0
66adf30e744f72906e1f07aae82d8326159f3b26ca7befaf8f144030d345e78a
2022-01-12 09:27:23
58
0
e2b721676f51f9b1cc4e077bc021b968554f015346c18e18a97331ec50f959d8
2021-12-29 20:29:56
58
0
1a6e61690df52dc61f090fd237cddbd2127663309c1340064ac211aa5b762c80
2021-12-28 20:40:23
55
0
4c3642a75ac8a08343e79416ad2eca6d3b6e09d3b40ce38f6b5b7c3538de93e5
2021-12-21 12:25:53
56
0
cf68eceb7fbb38acae643fb47e46f15068489e74a54ebb8b7471b2c9ed575ca1
2021-12-17 22:06:01
57
0
20dd3536672f5cd03d5b0c0b9e1e1a2487c653b5e6b96867501e93ac74557673
2021-12-15 17:58:44
57
0
da3e9073b363183ad66aa733be7160026ce1b23852687c42e5f4cc7a07f4552a
2021-12-14 15:27:31
57
0
304f2b6338c37cf4ce9b4d8bd8f3de0c2b940a0875ecbfbdd53016023d799d50
2021-12-13 17:41:29
56
0
f081ee8673de367c7a9f3c963b42cc75b957f5250213ce9def56bd955b0855bc
2021-12-13 15:33:08
57
0

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022