Post-exploiting a compromised etcd – Full control over the cluster and its nodes
Tags
| attack-pattern: | Data Direct Credentials - T1589.001 Server - T1583.004 Server - T1584.004 Connection Proxy - T1090 |
Common Information
| Type | Value |
|---|---|
| UUID | f8dde84c-52b4-4218-91ef-f0de2fc526e4 |
| Fingerprint | 2eb8c6d9572517b4 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 7, 2023, 8 a.m. |
| Added to db | Nov. 19, 2023, 10:29 p.m. |
| Last updated | Nov. 20, 2024, 7:40 a.m. |
| Headline | Post-exploiting a compromised etcd – Full control over the cluster and its nodes |
| Title | Post-exploiting a compromised etcd – Full control over the cluster and its nodes |
| Detected Hints/Tags/Attributes | 45/1/13 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 206 | ✔ | — | https://research.nccgroup.com/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | cni.projectcalico.org |
|
| Details | Domain | 1 | ni.projectcalico.org |
|
| Details | Domain | 3 | node.kubernetes.io |
|
| Details | Domain | 71 | kubernetes.io |
|
| Details | Domain | 15 | metadata.name |
|
| Details | Domain | 3 | pod-security.kubernetes.io |
|
| Details | File | 12 | server.crt |
|
| Details | File | 18 | server.key |
|
| Details | File | 32 | ca.crt |
|
| Details | File | 2 | kube-root-ca.crt |
|
| Details | IPv4 | 1445 | 127.0.0.1 |
|
| Details | IPv4 | 1 | 10.96.110.138 |
|
| Details | IPv4 | 1 | 10.96.110.13 |