ATTACK [PTsecurity] log4j RCE aka Log4Shell attempt (CVE-2021-44228)
Source: ptresearch/attackdetection
Created: December 10, 2021
Updated: December 13, 2021
Classification: attempted-admin
alert http any any -> any any (msg:"ATTACK [PTsecurity] log4j RCE aka Log4Shell attempt (CVE-2021-44228)"; flow:established; content:"${"; content:"j"; distance:0; nocase; content:"n"; distance:0; nocase; content:"d"; distance:0; nocase; content:"i"; distance:0; nocase; content:":"; distance:0; nocase; content:"l"; distance:0; nocase; content:"d"; distance:0; nocase; content:"a"; distance:0; nocase; content:"p"; distance:0; nocase; pcre:"/\${(?:\${upper:|\${lower:|\${env:[^:]+:-|\${::-)?j}?(?:\${upper:|\${lower:|\${env:[^:]+:-|\${::-)?n}?(?:\${upper:|\${lower:|\${env:[^:]+:-|\${::-)?d}?(?:\${upper:|\${lower:|\${env:[^:]+:-|\${::-)?i}?(?:\${upper:|\${lower:|\${env:[^:]+:-|\${::-)?:}?(?:\${upper:|\${lower:|\${env:[^:]+:-|\${::-)?l}?(?:\${upper:|\${lower:|\${env:[^:]+:-|\${::-)?d}?(?:\${upper:|\${lower:|\${env:[^:]+:-|\${::-)?a}?(?:\${upper:|\${lower:|\${env:[^:]+:-|\${::-)?p}?/i"; reference:cve, 2021-44228; reference:url, www.lunasec.io/docs/blog/log4j-zero-day; reference:url, github.com/ptresearch/AttackDetection; metadata:created_at 2021_12_10, updated_at 2021_12_13; classtype:attempted-admin; sid:10006897; rev:3;)
References
Metadata
created at: 2021_12_10
updated at: 2021_12_13