LetsDefend Monitoring Alert
Possible Looney Tunables Detected(CVE-2023-4911)
Oct, 24, 2023, 02:19 AM
Event ID: 194
Event Time: Oct, 24, 2023, 02:19 AM
Rule Name: SOC232 - Possible Looney Tunables Detected(CVE-2023-4911)
Alert Type: Unauthorized Access
MITRE Technique:
T1053.003 - Persistence - Scheduled Task/Job: Cron,
T1133 - Initial Access - External Remote Services,
T1078 - Initial Access - Valid Accounts,
T1136 - Persistence - Create Account,
T1068 - Privilege Escalation - Exploitation for Privilege Escalation,
T1059.004 - Execution - Command and Scripting Interpreter: Unix Shell,
T1059.006 - Execution - Command and Scripting Interpreter: Python,
Severity: High
Incident Responder