LetsDefend Monitoring Alert

Privilege Escalation Detected via Docker API Exploitation

Feb 14, 2024, 11:57 AM

Event ID: 227

Event Time: Feb 14, 2024, 11:57 AM

Rule Name: SOC261 - Privilege Escalation Detected via Docker API Exploitation

Alert Type: Unauthorized Access

MITRE Techniques:
T1110 - Credential Access - Brute Force
T1133 - Initial Access - External Remote Services
T1203 - Execution - Exploitation for Client Execution
T1068 - Privilege Escalation - Exploitation for Privilege Escalation
T1059.004 - Execution - Command and Scripting Interpreter: Unix Shell
T1609 - Execution - Container Administration Command
T1613 - Discovery - Container and Resource Discovery
T1552.007 - Credential Access - Unsecured Credentials: Container API
T1070.004 - Defense Evasion - Indicator Removal: File Deletion

Severity: High

