EXPL_Log4j_CVE_2021_44228_JAVA_Exception_Dec21_1

Rule Info

Description
Detects exceptions found in server logs that indicate an exploitation attempt of CVE-2021-44228
Reference
https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b
Score
60
Date
2021-12-12
Minimum Yara
1.7
Name
EXPL_Log4j_CVE_2021_44228_JAVA_Exception_Dec21_1
Required Modules
[]
Author
Florian Roth
Rule Hash
99418a995017234d54a0f00d8eb5328e
Tags
['EXPLOIT', 'CVE_2021_44228', 'DEMO']
Virustotal Matches
https://www.virustotal.com/gui/search/expl_log4j_cve_2021_44228_java_exception_dec21_1/comments
Community Rule
https://github.com/Neo23x0/signature-base/search?q=EXPL_Log4j_CVE_2021_44228_JAVA_Exception_Dec21_1

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
5
Suspicious (< 10 engines)
3
Clean (0 engines)
12

Rule Matches

Hash
Timestamp
Positives
Total
VT
1dd396870970e847b0d2cd08a8eb07b1b8a3b65a7176063a49832ddd5ba02022
2023-02-03 09:08:55
0
60
a88ca01278a9243c71774da4e4ca446da4efa402af43eac25eea35b30d42bc2c
2022-12-19 20:19:00
11
61
6b83456ea58c909e27dc031842f174d3f1ebbc93f61b977ee6fa722ad0d80fa1
2022-12-13 06:01:52
11
61
73aaa4dfdfba6734dce8ebf86b6338679cdcd2a66646148535e89de48f555b1b
2022-10-14 21:26:40
14
61
a5cd18869892e5af2f62afe57f1c182af17f75bab02cfb2716ef5d61255549cf
2022-10-03 15:16:33
10
59
f493a448b7aca13f60871faa13cf6a187143ba0238eded7dd61e1597c6fff972
2022-10-03 14:38:48
15
60
73d93ffab80eb4358268a1784dba66224fc96fa23b26a65f9201bf631e82c7fe
2022-04-21 16:10:51
0
57
fe5079e3f6b3a8318d1967fa3e1b9191a2dd7e41156a396db3770042be6fe83e
2022-04-01 20:06:45
7
57
ef4106acce94a5ef99148b2a593df2f591dc85ccd86e393b62416ec6d1a670fb
2022-03-25 21:08:02
3
57
13160edab74cc2dd34653920d4bf56e487fea2fd6adf8249e0be9215ced902b4
2022-03-18 19:06:42
1
57
93e28865847475be9c05017421ffbb122a05ee973c25d1639e7f8bf55fc6bd0c
2022-03-10 20:56:43
0
55
66adf30e744f72906e1f07aae82d8326159f3b26ca7befaf8f144030d345e78a
2022-01-12 09:27:23
0
58
e2b721676f51f9b1cc4e077bc021b968554f015346c18e18a97331ec50f959d8
2021-12-29 20:29:56
0
58
1a6e61690df52dc61f090fd237cddbd2127663309c1340064ac211aa5b762c80
2021-12-28 20:40:23
0
55
4c3642a75ac8a08343e79416ad2eca6d3b6e09d3b40ce38f6b5b7c3538de93e5
2021-12-21 12:25:53
0
56
cf68eceb7fbb38acae643fb47e46f15068489e74a54ebb8b7471b2c9ed575ca1
2021-12-17 22:06:01
0
57
20dd3536672f5cd03d5b0c0b9e1e1a2487c653b5e6b96867501e93ac74557673
2021-12-15 17:58:44
0
57
da3e9073b363183ad66aa733be7160026ce1b23852687c42e5f4cc7a07f4552a
2021-12-14 15:27:31
0
57
304f2b6338c37cf4ce9b4d8bd8f3de0c2b940a0875ecbfbdd53016023d799d50
2021-12-13 17:41:29
0
56
f081ee8673de367c7a9f3c963b42cc75b957f5250213ce9def56bd955b0855bc
2021-12-13 15:33:08
0
57

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022