LetsDefend Monitoring Alert

A Malicious Docker Container Executed

Apr, 29, 2024, 09:42 AM

Event ID: 253

Event Time: Apr, 29, 2024, 09:42 AM

Rule Name: SOC253 - A Malicious Docker Container Executed

Alert Type: Unauthorized Access

MITRE Technique:
T1078 - Initial Access - Valid Accounts,
T1110 - Credential Access - Brute Force,
T1133 - Initial Access - External Remote Services,
T1059.004 - Execution - Command and Scripting Interpreter: Unix Shell,
T1610 - Execution - Deploy Container,
T1609 - Execution - Container Administration Command,
T1613 - Discovery - Container and Resource Discovery

Severity: Medium

Incident Responder
