Share
## https://sploitus.com/exploit?id=9297A534-2B19-597A-8952-6EC15EE80BFF
# j4shell_ioc_ips
big dump from known log4j/log4shell malicious ip adresses unique and sorted  update once a hour only if changes were made! (CVE-2021-44228)
happy hunting

## disclaimer 
This script is parsing a lot of Source so this list maybe has a lot of false positives don't block all ips in your firewall!


## ToDo:
- add Whitelist [ONGOING]
- better regex exclude local ip adresses [X]
- add support for domains []


## sources:
- https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217
- https://github.com/Akikazuu/Apache-Log4j-RCE-Attempt
- https://github.com/RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs
- https://gist.github.com/ycamper/26e021a2b5974049d113738d51e7641d
- https://github.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-44228/blob/main/Threatview.io-log4j2-IOC-list
- https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/Log4j_IOC_List.csv
- https://github.com/CronUp/Malware-IOCs/blob/main/2021-12-11_Log4Shell_Botnets
- https://gist.github.com/blotus/f87ed46718bfdc634c9081110d243166
- https://tweetfeed.live/search.html
- https://raw.githubusercontent.com/CriticalPathSecurity/Public-Intelligence-Feeds/master/log4j.txt
- https://raw.githubusercontent.com/CriticalPathSecurity/Zeek-Intelligence-Feeds/master/log4j_ip.intel
- https://raw.githubusercontent.com/CriticalPathSecurity/Public-Intelligence-Feeds/master/log4j.txt
- https://urlhaus.abuse.ch/browse/tag/log4j/
- https://threatfox.abuse.ch/browse/tag/CVE-2021-44228/ ( and log4j)
- https://github.com/threatmonit/Log4j-IOCs
- https://raw.githubusercontent.com/eromang/researches/main/CVE-2021-44228/README.md
- https://github.com/Humoud/log4j_payloads
- https://gist.github.com/yt0ng/8a87f4328c8c6cde327406ef11e68726
- https://github.com/LogRhythm-Labs/log4Shell
- https://github.com/guardicode/CVE-2021-44228_IoCs
- https://github.com/bengisugun/Log4j-IOC
- https://github.com/shnoogie/log4j_ioc
- https://github.com/vul-log/log4j_iocs
- https://github.com/threatmonit/Log4j-IOCs
- https://github.com/aojald/LOG4J_IOC
- https://github.com/josephinetanadi/log4j-ioc-merge
- https://github.com/russelr46/IOC_log4j_apache
- https://github.com/prodigyak/Log4j-Wireshark-IOC-filter
- https://github.com/valtix-security/Log4j-Indicators-of-Compromise
- https://github.com/curated-intel/Log4Shell-IOCs
- https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs