LetsDefend Monitoring Alert

A Malicious Docker Container Executed

Jan, 04, 2024, 01:21 AM

Event ID: 216

Event Time: Jan, 04, 2024, 01:21 AM

Rule Name: SOC253 - A Malicious Docker Container Executed

Alert Type: Malware

MITRE Technique:
T1105 - Command and Control - Ingress Tool Transfer,
T1136 - Persistence - Create Account,
T1204.002 - Execution - User Execution: Malicious File,
T1566.001 - Initial Access - Phishing: Spearphishing Attachment,
T1036 - Defense Evasion - Masquerading,
T1059.004 - Execution - Command and Scripting Interpreter: Unix Shell,
T1610 - Execution - Deploy Container,
T1609 - Execution - Container Administration Command

Severity: High

Incident Responder
