""ET EXPLOIT Apache log4j RCE Attempt (http) (Outbound) (CVE-2021-44228)""
SID: 2045125
Revision: 1
Class Type: attempted-admin
Metadata: attack_target Server, created_at 2023_04_21, cve CVE_2021_44228, deployment Perimeter, confidence High, signature_severity Major, updated_at 2023_04_21
Reference:
-
cve
-
2021-44228
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: any
Destination Port: any
Flow: established,to_server
Contents:
-
Value: "|2f 24 7b 24 7b|" Depth: 5
-
Value: "|3a 2d|j|7d 24 7b|"
-
Value: "|3a 2d|n|7d 24 7b|"
-
Value: "|3a 2d|d|7d 24 7b|"
-
Value: "|3a 2d|i|7d 24 7b|"
-
Value: "|3a 2d 3a 7d 24 7b|"
Within:
PCRE:
Special Options:
-
http_uri
-
fast_pattern
-
http_uri
-
http_uri
-
http_uri
-
http_uri
-
http_uri