Log4j overview IoCs

This page contains an overview of Indicators of Compromise (IoCs) related to the Log4j vulnerability. NCSC-NL maintains a list here of all known IoCs, which can be used for detection and blocking. The references contain specific information regarding indicator reports.

NCSC-NL has not verified the IoCs listed below and therefore cannot guarantee their validity. However, NCSC-NL strives to provide IoCs from reliable sources.

Network-related IoCs

Note Links
The list of callback servers, updated by GreyNoise source
The list of scanning IPs, updated by GreyNoise source
Threatfox source
UrlHaus source
Malware Bazaar source
CTCI source
Malwar3Ninja source

List of IoCs from security vendors

Note Links
Talos Intelligence source
360 Netlab source
Microsoft (Contains scan IPs) source
RedDrip7 source
CrowdSec (Scan IP validation) source
Bad Packets (Contains scan IPs) source
NCC Group (Contains scan IPs) source

List of IoCs from honeypots

Note Links
GelosSnake source
CronUp source
yt0ng source
eromang source

Twitter IoC search tool

Note Links
TweetFeed source