first log4shell edition

Neo23x0 · Dec 13, 2021 · 998f8a4 · 998f8a4
1 parent fcde372
commit 998f8a4
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 132 deletions.
diff --git a/c2-iocs.txt b/c2-iocs.txt
@@ -1,125 +1,15 @@
-201.191.202.34
-216.58.192.68
-185.11.146.191
-185.11.146.151
-185.62.190.62
-185.62.190.82
-185.62.190.156
-185.62.190.222
-185.62.190.253
-188.209.49.163
-188.209.52.195
-188.209.49.131
-188.209.49.165
-185.130.5.165
-185.130.5.174
-185.130.5.200
-185.130.5.205
-185.130.5.246
-80.82.64.177
-80.82.78.12
-89.248.168.29
-89.248.172.201
-94.102.53.144
-89.248.162.167
-89.248.162.171
-89.248.166.131
-89.248.168.39
-89.248.172.166
-89.248.172.173
-94.102.49.197
-94.102.63.136
-46.165.251.153
-178.162.199.88
-178.162.205.4
-178.162.205.29
-178.162.205.30
-178.162.211.200
-178.162.211.211
-178.162.211.213
-178.162.211.214
-178.162.211.215
-178.162.211.216
-178.162.211.217
-149.202.153.56
-173.208.196.202
-188.0.236.27
-188.209.52.228
-192.210.220.3
-198.23.238.215
-198.23.238.251
-208.67.1.130
-208.67.1.33
-208.69.31.11
-5.152.206.162
-5.196.8.171
-89.248.162.167
-115.239.248.62
-117.27.158.104
-117.27.158.71
-117.27.158.78
-117.27.158.91
-122.225.103.118
-122.225.103.122
-122.225.103.125
-122.225.103.97
-122.225.109.102
-122.225.109.103
-122.225.109.108
-122.225.109.109
-122.225.109.114
-122.225.109.121
-122.225.109.125
-122.225.109.202
-122.225.109.214
-122.225.109.220
-122.225.109.99
-218.2.0.121
-218.2.0.132
-218.2.0.133
-218.2.0.137
-221.235.188.210
-222.186.34.121
-222.186.58.70
-60.169.77.228
-61.174.50.172
-61.174.50.177
-61.174.50.184
-61.174.50.216
-61.174.51.214
-61.174.51.226
-61.174.51.229
-61.174.51.230
-61.174.51.233
-61.174.51.235
-61.174.50.184
-122.225.103.118
-218.2.0.132
-122.225.103.125
-122.225.109.99
-122.225.103.97
-122.225.103.122
-61.174.51.226
-117.27.158.71
-61.174.51.233
-122.225.109.108
-122.225.109.109
-61.174.50.177
-61.174.51.214
-117.27.158.104
-61.174.50.172
-222.186.34.121
-117.27.158.91
-222.186.58.70
-61.174.51.229
-122.225.109.214
-61.174.50.216
-117.27.158.78
-221.235.188.210
-122.225.109.121
-167.114.153.55
-94.237.37.28
-82.118.242.171
-31.220.61.251
-128.199.199.187
-# END
+bingsearchlib.com
+34.198.182.201
+canarytokens.com
+52.18.63.80
+log4j.binaryedge.io
+134.209.163.248
+leakix.net
+167.71.13.196
+dnslog.cn
+47.244.138.18
+kryptoslogic-cve-2021-44228.com
+167.99.86.185
+interact.sh
+46.101.25.250
+# END
diff --git a/fenrir.sh b/fenrir.sh
@@ -4,7 +4,7 @@
 # Simple Bash IOC Checker
 # Florian Roth
 
-VERSION="0.8.0"
+VERSION="0.8.0-log4shell"
 
 # Settings ------------------------------------------------------------
 SYSTEM_NAME=$(uname -n | tr -d "\n")

diff --git a/filename-iocs.txt b/filename-iocs.txt
@@ -1,2 +1,3 @@
 demo/evil.jsp
 # END - DO NOT REMOVE
+/log4j-core
diff --git a/string-iocs.txt b/string-iocs.txt
@@ -1,6 +1,20 @@
-eval request(
-bash -i >/dev/tcp/
-chmod +x /tmp/
-() { :; };
-packed with the UPX executable packer
-# END - DO NOT REMOVE - contents passed to grep - double escape square brackets
+${jndi:ldap:/
+${jndi:rmi:/
+${jndi:ldaps:/
+${jndi:dns:/
+/$%7bjndi:
+%24%7bjndi:
+$%7Bjndi:
+%2524%257Bjndi
+%2F%252524%25257Bjndi%3A
+${jndi:${lower:
+${::-j}${
+${jndi:nis
+${jndi:nds
+${jndi:corba
+${jndi:iiop
+${${env:BARFOO:-j}
+${::-l}${::-d}${::-a}${::-p}
+${base64:JHtqbmRp
+/Basic/Command/Base64/
+# END - DO NOT REMOVE - contents passed to grep - double escape square brackets