ITC Secure is continuing to monitor for any alerts that could indicate an incident related to the recent Log4j vulnerability. As a further update to our activities related to the Log4J vulnerability ITC continue to research and review available IOCs carrying out regular threat hunting to find any signs of compromise against CVE-2021-44228. We have provided a list of additional IOCs to aid your internal Security and Network teams in their investigations.
ITC recommend that systems vulnerable to CVE-2021-44228 are patched to the latest version and manufacturers recommendations are followed to prevent exploitation. Customers are advised to carry out vulnerability assessments to identify any systems that are vulnerable to CVE-2021-44228 with a priority on public facing servers and any internal critical systems.
Customers that have a VI service through ITC are having regular vulnerability scans performed to identify any systems that are vulnerable to CVE-2021-44228 and patched accordingly. In order to ensure the accurate detection of the Log4j vulnerability customers should install Qualys cloud agents on all assets where possible and ensure authentication credentials have been sent to the SOC for all assets where an agent cannot be installed.
Specific guidance that has been published and is regularly updated by Microsoft can be found here.
Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation -Microsoft Security Blog
Microsoft have shared their IOC list for Log4j as a thread feed which can be found here.
For the full list of IP Address, please see here.