Apache released a patch for the Log4Shell zero-day vulnerability [1] seven days after its discovery in December 2021 [2], but many organizations may still be vulnerable to its exploitation. Companies that have not kept pace with patching could thus be at risk of becoming victims of a Log4Shell malware campaign.
The TIP research team recently amassed 64 indicators of compromise (IoCs) related to the attacks, specifically 58 domains and six subdomains. To help organizations strengthen their cybersecurity posture, we expanded the list of IoCs to uncover other potentially connected artifacts.
Our in-depth investigation led to the discovery of:
- 18 domains that had the same email addresses found anywhere in the IoCs’ historical WHOIS records
- 47 IP addresses to which the IoCs resolved
- 380 domains hosted on the same IP addresses as some of the IoCs, where those IP addresses appear to be dedicated hosts (only a handful of domains resolve to them)
- 2,456 domains that contained 45 text strings that appeared in some of the domains identified as IoCs
- 54 subdomains that contained three text strings that appeared in some of the subdomains identified as IoCs
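The four pivots in the list above (historical WHOIS e-mail, DNS resolution, shared potentially dedicated hosts, and text strings taken from the IoC domains) implemented as an added worked example. This is not the research team's code or data: every domain, e-mail address, IP address, WHOIS record and passive-DNS record below is constructed for illustration (reserved .test/.example names and documentation IP ranges), and the "at most three tenants means dedicated host" threshold and the WHOIS-privacy-proxy filter are assumptions an analyst would tune.

```python
"""IoC expansion pivots over constructed WHOIS and passive-DNS data (not real IoCs)."""
import re
from collections import defaultdict

# Constructed seed IoCs (reserved .test TLD); not indicators from the page.
SEED_DOMAINS = {"log4shell-loader.test", "jndi-payload.test", "ldapexploit.test"}

# Constructed historical WHOIS: domain -> registrant e-mails seen over time.
WHOIS_HISTORY = {
    "log4shell-loader.test": {"reg1@mail.example"},
    "jndi-payload.test": {"reg2@mail.example", "reg1@mail.example"},
    "ldapexploit.test": {"privacy@proxy.example"},      # behind a privacy proxy
    "log4shell-stage2.test": {"reg1@mail.example"},
    "unrelated-shop.test": {"shop@mail.example"},
    "cheap-hosting.test": {"privacy@proxy.example"},     # same proxy, unrelated
}

# Constructed passive DNS: domain -> IPv4 addresses it resolved to (RFC 5737 ranges).
PASSIVE_DNS = {
    "log4shell-loader.test": {"192.0.2.10"},
    "jndi-payload.test": {"192.0.2.10", "192.0.2.11"},
    "ldapexploit.test": {"198.51.100.5"},
    "log4shell-stage2.test": {"192.0.2.11"},
    "cdn-assets.test": {"192.0.2.10"},
    "unrelated-shop.test": {"203.0.113.7"},
    "cheap-hosting.test": {"198.51.100.5"},
    "another-tenant.test": {"198.51.100.5"},
    "bulk-tenant.test": {"198.51.100.5"},
    "jndi-news.test": {"203.0.113.8"},
}

DEDICATED_THRESHOLD = 3                      # assumption: <= 3 tenants -> "dedicated" host
PRIVACY_EMAILS = {"privacy@proxy.example"}   # assumption: proxy addresses are not a pivot


def email_pivot(seeds, whois, ignore=PRIVACY_EMAILS):
    """Non-seed domains whose WHOIS history shares a registrant e-mail with a seed.
    Privacy-proxy addresses are dropped first: thousands of unrelated domains share them."""
    seed_emails = set().union(*(whois.get(d, set()) for d in seeds)) - ignore
    return {d for d, emails in whois.items() if d not in seeds and emails & seed_emails}


def resolved_ips(seeds, pdns):
    """Every IP address any seed has resolved to."""
    return set().union(*(pdns.get(d, set()) for d in seeds))


def shared_host_pivot(seeds, pdns, threshold=DEDICATED_THRESHOLD):
    """Non-seed domains co-hosted on seed IPs that look dedicated (few tenants).
    IPs with more tenants than the threshold are treated as shared hosting and skipped."""
    tenants_by_ip = defaultdict(set)
    for domain, ips in pdns.items():
        for ip in ips:
            tenants_by_ip[ip].add(domain)
    found = set()
    for ip in resolved_ips(seeds, pdns):
        tenants = tenants_by_ip[ip]
        if len(tenants) <= threshold:
            found |= tenants - seeds
    return found


def extract_strings(seeds, min_len=4):
    """Candidate text strings: hyphen/underscore-separated tokens of each seed's
    registrable label. An analyst would curate this list before using it."""
    strings = set()
    for domain in seeds:
        label = domain.split(".")[0]
        strings |= {t for t in re.split(r"[-_]+", label) if len(t) >= min_len}
    return strings


def string_pivot(seeds, candidates, strings):
    """Candidate domains (e.g. a newly registered domains feed) containing a seed string."""
    return {c for c in candidates if c not in seeds and any(s in c for s in strings)}


def expand(seeds, whois=WHOIS_HISTORY, pdns=PASSIVE_DNS):
    """Run all four pivots and return the artifacts each one contributes."""
    candidates = set(whois) | set(pdns)
    strings = extract_strings(seeds)
    return {
        "email": email_pivot(seeds, whois),
        "ips": resolved_ips(seeds, pdns),
        "shared_host": shared_host_pivot(seeds, pdns),
        "strings": strings,
        "string_matches": string_pivot(seeds, candidates, strings),
    }


if __name__ == "__main__":
    for pivot, artifacts in expand(SEED_DOMAINS).items():
        print(f"{pivot}: {sorted(artifacts)}")
```

Two points the toy data is built to show: a WHOIS privacy-proxy address is shared with the seeds by design, so the e-mail pivot must drop it or it returns unrelated domains, and an IP with many tenants is shared hosting, so co-hosted domains there are not evidence of a link. The string pivot is the noisiest of the four; short or generic tokens will match far more candidates than they should, which is why the strings are returned separately so they can be reviewed before the matches are treated as connected artifacts.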
Download a sample of the threat research materials now or contact us to access the complete set of research materials.
[1] https://success.trendmicro.com/dcx/s/solution/000289946
[2] https://logging.apache.org/log4j/2.x/security.html