LetsDefend Monitoring Alert

Possible Looney Tunables Detected(CVE-2023-4911)

Oct, 24, 2023, 02:19 AM

Event ID: 194

Event Time: Oct, 24, 2023, 02:19 AM

Rule Name: SOC232 - Possible Looney Tunables Detected(CVE-2023-4911)

Alert Type: Unauthorized Access

MITRE Technique:
T1053.003 - Persistence - Scheduled Task/Job: Cron,
T1133 - Initial Access - External Remote Services,
T1078 - Initial Access - Valid Accounts,
T1136 - Persistence - Create Account,
T1068 - Privilege Escalation - Exploitation for Privilege Escalation,
T1059.004 - Execution - Command and Scripting Interpreter: Unix Shell,
T1059.006 - Execution - Command and Scripting Interpreter: Python

Severity: High

Incident Responder
