Open amoore2600 opened 2 years ago
Good point! But the original purpose of this repo was that when I get a log4j DFIR, I can easily grep through a list that contains many, many sources, so I can investigate the findings in, for example, Firewall, WinEVTX, bla bla.
Maybe you can fork it and edit it yourself :)
@amoore2600 Try adding this to whatever script you are using to gather this list:
# cat log4j_ioc_ips.txt | aggregate -p 32 -m 32 -o 32
(only -p is needed, but for completeness)
Aggregate will (as the name suggests) aggregate all IPs into subnets to make the list smaller.
@hackinghippo Maybe you can generate 2 outputs? One single-host list, and a second aggregated list of networks?
PS: In the current list there are again RFC1918 addresses, as well as 9.9.9.11 (public non-profit DNS resolver).
@Daywalker01, good idea, I will add 2 outputs in the future. I also work on domains and hashes; sadly I didn't have much time :( many incidents atm...
I can add a whitelist if I have a good base or listing of known IP addresses.
Please add networks in CIDR notation; this would help keep the list more efficient.
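The thread asks for three things at once: drop RFC1918 addresses and known-benign hosts such as 9.9.9.11, emit one plain host list plus one aggregated CIDR list, and accept entries already written in CIDR notation. The script below is an added example that does all three with Python's standard `ipaddress` module, as a portable stand-in for the `aggregate -p 32` pipeline shown above; it is not code from this repository. The sample input is constructed from RFC 5737 documentation ranges, and the allowlist contents beyond 9.9.9.11 are an assumption.

```python
"""Turn a raw IOC IP list into (a) a de-duplicated host list and (b) an aggregated CIDR list.

Added example, not the repository's own tooling. Bare addresses are treated as /32,
which matches `aggregate -p 32`; adjacent aligned blocks are merged like `aggregate` does.
"""
import ipaddress
from typing import Iterable, List, Tuple

# The thread's complaint is specifically about RFC1918 space, so filter exactly that.
# (ipaddress' is_private is broader: it also covers loopback, link-local and TEST-NET.)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical allowlist of known-benign public hosts that must never end up as an IOC.
# 9.9.9.11 is the resolver named in the thread; anything you add here is your own call.
ALLOWLIST = [ipaddress.ip_network(n) for n in ("9.9.9.11/32",)]


def parse_entries(lines: Iterable[str]) -> Tuple[List[ipaddress.IPv4Network], List[str]]:
    """Parse host or CIDR entries (IPv4 only); return (networks, rejected_raw_lines)."""
    nets: List[ipaddress.IPv4Network] = []
    rejected: List[str] = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()  # allow trailing "# comment"
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)  # "1.2.3.4" -> 1.2.3.4/32
        except ValueError:
            rejected.append(raw.rstrip("\n"))
            continue
        if net.version != 4:
            rejected.append(raw.rstrip("\n"))  # keep the example to one address family
            continue
        nets.append(net)
    return nets, rejected


def is_excluded(net: ipaddress.IPv4Network) -> bool:
    """True if the entry lies entirely inside RFC1918 space or inside an allowlisted block."""
    return any(net.subnet_of(block) for block in RFC1918 + ALLOWLIST)


def build_outputs(lines: Iterable[str]) -> Tuple[List[str], List[str], List[str]]:
    """Return (single_hosts, aggregated_cidrs, rejected_lines).

    single_hosts: every /32 entry, de-duplicated and sorted numerically (not lexically).
    aggregated_cidrs: all kept entries collapsed into the smallest covering set of networks.
    """
    nets, rejected = parse_entries(lines)
    kept = [n for n in nets if not is_excluded(n)]
    hosts = sorted({n.network_address for n in kept if n.prefixlen == 32})
    aggregated = [str(n) for n in ipaddress.collapse_addresses(kept)]
    return [str(h) for h in hosts], aggregated, rejected


# Constructed sample input using RFC 5737 documentation addresses; not real IOCs.
SAMPLE_IOC_LINES = [
    "203.0.113.8",
    "203.0.113.9",
    "203.0.113.10",
    "203.0.113.11",
    "198.51.100.77",
    "198.51.100.77   # duplicate line",
    "192.0.2.0/24",       # already in CIDR notation
    "192.168.1.20",       # RFC1918, should be dropped
    "10.0.0.5",           # RFC1918, should be dropped
    "9.9.9.11",           # allowlisted resolver, should be dropped
    "not-an-ip",          # junk line, reported rather than silently lost
]

if __name__ == "__main__":
    single, agg, bad = build_outputs(SAMPLE_IOC_LINES)
    print("# single hosts\n" + "\n".join(single))
    print("# aggregated networks\n" + "\n".join(agg))
    print("# rejected lines\n" + "\n".join(bad))
```

On the sample input the four consecutive /32s collapse into 203.0.113.8/30, the duplicate host appears once, the /24 passes through unchanged, and the RFC1918 and allowlisted entries disappear from both outputs while the junk line is reported separately so the upstream source can be fixed. Note that `is_excluded` only drops entries that sit entirely inside an excluded block; a wide network that merely overlaps one is kept and is worth a manual look.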