
A Log4Shell Malware Campaign in the DNS Spotlight





While Apache released a patch for the Log4Shell zero-day vulnerability [1] seven days after its discovery in December 2021 [2], many organizations may still be vulnerable to its exploitation. Companies that may not be keeping pace with patching could thus be at risk of becoming victims of a Log4Shell malware campaign.

The TIP research team recently amassed 64 indicators of compromise (IoCs)—58 domains and six subdomains specifically—related to the attacks. To help organizations beef up their cybersecurity posture, we expanded the list of IoCs to uncover other potentially connected artifacts.

Our in-depth investigation led to the discovery of:

  • 18 domains that shared email addresses found anywhere in the IoCs’ historical WHOIS records
  • 47 IP addresses to which the IoCs resolved
  • 380 domains that shared the potentially dedicated hosts of some of the IoCs
  • 2,456 domains that contained 45 text strings that appeared in some of the domains identified as IoCs
  • 54 subdomains that contained three text strings that appeared in some of the subdomains identified as IoCs
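
The pivots listed above can be run over any WHOIS history and passive DNS export to turn a short IoC list into a wider blocklist or hunting set. The following Python is an added example, not the research team's tooling: the record layouts, the `.example` names, the documentation IP addresses, the `max_names` cut-off for a "dedicated" host and the two-label `registrable` helper are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: reserved .example names and documentation IPs.
IOCS = {"log4-update.example", "cdn.jndi-fix.example"}
WHOIS_HISTORY = {  # domain -> emails seen in historical WHOIS records
    "log4-update.example": {"ops@mailbox.example"},
    "jndi-fix.example": {"admin@mailbox.example"},
    "shop-portal.example": {"ops@mailbox.example"},
    "unrelated.example": {"it@other.example"},
}
PASSIVE_DNS = [  # (hostname, IP address) resolution pairs
    ("log4-update.example", "192.0.2.10"),
    ("patch-mirror.example", "192.0.2.10"),
    ("cdn.jndi-fix.example", "198.51.100.7"),
] + [(f"tenant{i}.example", "198.51.100.7") for i in range(500)]

def registrable(host):
    """Naive registrable domain: last two labels (assumption; a real
    pipeline should consult the Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def email_pivot(iocs, whois):
    """Domains whose WHOIS history shares an email with any IoC's history."""
    seeds = {registrable(h) for h in iocs}
    emails = set().union(*(whois.get(d, set()) for d in seeds))
    return {d for d, seen in whois.items() if d not in seeds and seen & emails}

def host_pivot(iocs, pdns, max_names=300):
    """IPs the IoCs resolve to, plus co-hosted names on IPs that carry at
    most max_names hostnames (constructed cut-off for 'dedicated')."""
    by_ip = defaultdict(set)
    for host, ip in pdns:
        by_ip[ip].add(host.lower())
    ips = {ip for ip, hosts in by_ip.items() if hosts & iocs}
    shared = set()
    for ip in ips:
        if len(by_ip[ip]) <= max_names:  # skip crowded shared hosting
            shared |= by_ip[ip] - iocs
    return ips, shared

def string_pivot(strings, candidates):
    """Candidate names containing any text string taken from the IoCs."""
    return {c for c in candidates if any(s in c.lower() for s in strings)}
```

Results from the string pivot are the noisiest of the three and are best treated as leads to review rather than as confirmed indicators.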


  • [1] https://success.trendmicro.com/dcx/s/solution/000289946
  • [2] https://logging.apache.org/log4j/2.x/security.html