A Malicious Docker Container Executed

LetsDefend Monitoring Alert

Apr, 29, 2024, 09:42 AM

Event ID: 253

Event Time: Apr, 29, 2024, 09:42 AM

Rule Name: SOC253 - A Malicious Docker Container Executed

Alert Type: Unauthorized Access

MITRE Technique:

T1078 - Initial Access - Valid Accounts,

T1110 - Credential Access - Brute Force,

T1133 - Initial Access - External Remote Services,

T1059.004 - Execution - Command and Scripting Interpreter: Unix Shell,

T1610 - Execution - Deploy Container,

T1609 - Execution - Container Administration Command,

T1613 - Discovery - Container and Resource Discovery,

Severity: Medium

Incident Responder

45305 Catalina ct. Suite 150, Sterling VA 20166