CSI Forensics: Unraveling Kubernetes Crime Scenes
Common Information

| Type | Value |
|---|---|
| UUID | bdccd1fb-a03f-4e82-ad59-623116ba105a |
| Fingerprint | 3503d1b02bb40d83 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 23, 2024, 2:05 p.m. |
| Added to db | Oct. 23, 2024, 4:25 p.m. |
| Last updated | Nov. 15, 2024, 5:39 p.m. |
| Headline | CSI Forensics: Unraveling Kubernetes Crime Scenes |
| Title | CSI Forensics: Unraveling Kubernetes Crime Scenes |
| Detected Hints/Tags/Attributes | 62/1/17 |

RSS Feed

| Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|
| 158 | | Malware Analysis, News and Indicators - Latest topics | https://malware.news/latest.rss | 2024-08-30 22:08 |

Attributes

| Type | #Events | CTI | Value |
|---|---|---|---|
| Domain | 2 | | fd.net |
| Domain | 37 | | proc.name |
| Domain | 24 | | container.name |
| Domain | 2 | | perlbot.pl |
| Domain | 2 | | io.kubernetes.cri-o.annotations.checkpoint.name |
| Domain | 71 | | kubernetes.io |
| Domain | 3 | | criu.org |
| Domain | 7 | | falco.org |
| File | 12 | | %user.log |
| File | 2 | | rootfs-diff.tar |
| File | 2 | | perlbot.pl |
| IPv4 | 45 | | 127.0.0.0 |
| Url | 2 | | https://kubernetes.io/blog/2022/12/05/forensic-container-checkpointing-alpha |
| Url | 2 | | https://kubernetes.io/blog/2023/03/10/forensic-container-analysis |
| Url | 2 | | https://kubernetes.io/docs/reference/node/kubelet-checkpoint-api |
| Url | 2 | | https://criu.org/main_page |
| Url | 2 | | https://falco.org/blog |