EXPL_Log4j_CVE_2021_44228_JAVA_Exception_Dec21_1

Rule Info

Name: EXPL_Log4j_CVE_2021_44228_JAVA_Exception_Dec21_1
Author: Florian Roth
Description: Detects exceptions found in server logs that indicate an exploitation attempt of CVE-2021-44228
Score: 60
Date: 2021-12-12
Minimum Yara: 1.7
Rule Hash: 99418a995017234d54a0f00d8eb5328e
Tags: ['DEMO', 'EXPLOIT', 'CVE_2021_44228']
Required Modules: []

Antivirus Verdicts

Number of samples by rating:
Malicious (>= 10 engines): 29
Suspicious (< 10 engines): 6
Clean (0 engines): 18

Rule Matches

Columns: Timestamp, Positives, Total, Hash, VT

Rule Matches per Month (last 24 months)