Log4j RCE CVE-2021-44228 Generic

Rule Info

Name
Log4j RCE CVE-2021-44228 Generic
Author
Florian Roth (Nextron Systems)
Description
Detects exploitation attempt against log4j RCE vulnerability reported as CVE-2021-44228 (Log4Shell)
Reference
https://web.archive.org/web/20231230220738/https://www.lunasec.io/docs/blog/log4j-zero-day/
Date
2021-12-10 00:00:00
Modified
2022-02-06 00:00:00
Id
5ea8faa8-db8b-45be-89b0-151b84c82702
Tags
attack.initial-access attack.t1190 detection.emerging-threats
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=5ea8faa8-db8b-45be-89b0-151b84c82702

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
Fukusuke Takahashi
Merge PR #4960 from @fukusuket - Update unreachable/broken references
2024-08-10
dbba992bc
frack113
Update tags
2023-06-20
8c5dba374
Nasreddine Bencherchali
chore: move rules to new folders (#4205)
2023-05-02
637d61088
Nasreddine Bencherchali
chore: add nextron authors tag
2023-02-01
7c38a5c49
frack113
Order root rules folder
2023-01-31
8b321ba0b
frack113
Order root rules folder
2023-01-29
9320bf246
frack113
change status to test
2023-01-27
1033b3f40
frack113
Order yaml field
2022-10-25
5498621bb
Florian Roth
fix: FPs noticed in THOR testing
2022-02-21
35d4c8bc6
Florian Roth
fix: avoid Microsoft Defender detections
2022-02-06
e2aa3665a
Florian Roth
changed expression
2021-12-13
ea3f1c622
izysec
Added current known bypass patterns
2021-12-13
6c8b0c8fd
Florian Roth
more patterns for log4shell
2021-12-13
ef6fb35e2
Florian Roth
more Log4Shell patterns
2021-12-12
d8613fedf
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022