ATTACK [PTsecurity] log4j RCE aka Log4Shell successful. Malicious LDAP response (CVE-2021-44228)
Source: ptresearch/attackdetection
Created: December 13, 2021
Updated: December 13, 2021
Classification: attempted-admin
alert tcp any any -> any any (msg:"ATTACK [PTsecurity] log4j RCE aka Log4Shell successful. Malicious LDAP response (CVE-2021-44228)"; flow:established; content:"0"; depth:1; content:"|02 01 02 64|"; within:7; content:"javaClassName1"; within:150; content:"javaCodeBase1"; distance:0; content:"objectClass1"; distance:0; content:"javaFactory1"; distance:0; reference:cve, 2021-44228; reference:url, www.lunasec.io/docs/blog/log4j-zero-day; reference:url, github.com/ptresearch/AttackDetection; classtype:attempted-admin; sid:10006900; rev:1;)