Everyone and their dog or cat (squirrel?) are working on the Log4J news, according to my critical vuln crawler, so here’s a shortlist of resources that may help:

• OWASP Software Composition Analysis (SCA) Dependency Check: https://owasp.org/www-project-dependency-check/
• NCSC Vendor List and Status: https://github.com/NCSC-NL/log4shell/tree/main/software
• SwitHak Vendor Advisories Posted: https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
• Mubix hashlists to check for vulnerable versions: https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes
• Huntress Log4Shell-tester: https://github.com/huntresslabs/log4shell-tester
• Cybereason “vaccine” that will “download and then run a class that changes the server’s configuration to not load things anymore”.
• Cloudflare exploit payloads captured: https://blog.cloudflare.com/actual-cve-2021-44228-payloads-captured-in-the-wild/
• Costin Raiu blocklist: https://raw.githubusercontent.com/craiu/iocs/main/log4shell/log4j_blocklist.txt
• Curated Intel IOC: https://github.com/curated-intel/Log4Shell-IOCs
• Silent Signal enumeration tool: https://blog.silentsignal.eu/2021/12/12/our-new-tool-for-enumerating-hidden-log4shell-affected-hosts/

Spread the word.