Adrift in the Cloud: A Forensic Dive into Container Drift
Tags
attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Tool - T1588.002 Sudo - T1169 |
Common Information
Type | Value |
---|---|
UUID | b9fbb30e-d067-4ec1-be12-da673d52a988 |
Fingerprint | 1d02d3141be50d2b |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Dec. 13, 2024, 3:50 p.m. |
Added to db | Dec. 13, 2024, 5:14 p.m. |
Last updated | Dec. 23, 2024, 3:25 a.m. |
Headline | Adrift in the Cloud: A Forensic Dive into Container Drift |
Title | Adrift in the Cloud: A Forensic Dive into Container Drift |
Detected Hints/Tags/Attributes | 34/1/33 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 158 | ✔ | Malware Analysis, News and Indicators - Latest topics | https://malware.news/latest.rss | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 7 | | k8s.io |
Details | Domain | 1 | | l33t.sh |
Details | Domain | 22 | | docs.docker.com |
Details | Domain | 4694 | | github.com |
Details | Domain | 5 | | dissect.target |
Details | Domain | 2 | | docker.py |
Details | Domain | 29 | | sysdig.com |
Details | Domain | 1 | | www.didactic-security.com |
Details | Domain | 1 | | povilasv.me |
Details | Domain | 87 | | kubernetes.io |
Details | File | 1 | | meta.db |
Details | File | 2 | | metadata.db |
Details | File | 21 | | docs.doc |
Details | File | 5 | | dissect.tar |
Details | File | 2 | | docker.py |
Details | File | 1 | | docker-forensics.pdf |
Details | Github username | 2 | | docker-forensics-toolkit |
Details | Github username | 8 | | fox-it |
Details | Github username | 39 | | |
Details | Github username | 1 | | keikoproj |
Details | sha256 | 1 | | 7ee0c6c2ac27dcf810737b6426611e42bd91d963edcad5aa3fd12db20d898f42 |
Details | Url | 1 | | https://docs.docker.com/engine/storage/drivers/select-storage-driver |
Details | Url | 1 | | https://github.com/docker-forensics-toolkit/toolkit |
Details | Url | 1 | | https://github.com/fox-it/dissect.target/blob/main/dissect/target/plugins/apps/container/docker.py |
Details | Url | 1 | | https://github.com/google/docker-explorer |
Details | Url | 1 | | https://github.com/keikoproj/kube-forensics |
Details | Url | 1 | | https://github.com/google/container-explorer |
Details | Url | 1 | | https://sysdig.com/blog/guide-kubernetes-forensics-dfir |
Details | Url | 1 | | https://www.didactic-security.com/resources/docker-forensics.pdf |
Details | Url | 1 | | https://docs.docker.com/engine/storage/drivers/overlayfs-driver/#deleting |
Details | Url | 1 | | https://povilasv.me/how-to-monitor-containerd |
Details | Url | 3 | | https://kubernetes.io/blog/2022/12/05/forensic-container-checkpointing-alpha |
Details | Url | 1 | | https://kubernetes.io/blog/2023/03/10/forensic-container-analysis/#file |