Detecting and responding to Dirty Pipe with Elastic — Elastic Security Labs
Common Information
Type Value
UUID fd7f7454-191d-4dc4-8b3c-6d2c57e13935
Fingerprint b0040b667dd5aad0
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 9, 2022, midnight
Added to db Nov. 20, 2023, 12:58 a.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Detecting and responding to Dirty Pipe with Elastic
Title Detecting and responding to Dirty Pipe with Elastic — Elastic Security Labs
Detected Hints/Tags/Attributes 39/1/24
RSS Feed
Id Enabled Feed title Url Added to db
306 Elastic Security Labs https://www.elastic.co/security-labs/rss/feed.xml 2024-08-30 22:08
Attributes
Type #Events CTI Value
CVE 34 cve-2022-0847
Domain 9 dirtypipe.cm4all.com
Domain 5 haxx.in
Domain 4128 github.com
Domain 101 www.elastic.co
Domain 55 process.name
Domain 24 sysdig.com
Domain 1373 twitter.com
File 15 audit.log
File 25 event.dat
File 1 auditd.log
File 6 path.config
File 1 filebeat-module-auditd.html
Github username 2 liamg
Github username 1 imfiver
Github username 46 rapid7
Url 6 https://dirtypipe.cm4all.com
Url 2 https://haxx.in/files/dirtypipez.c
Url 2 https://github.com/liamg/traitor
Url 1 https://github.com/imfiver/cve-2022-0847
Url 1 https://github.com/rapid7/metasploit-framework/pull/16303
Url 1 https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-auditd.html
Url 1 https://sysdig.com/blog/cve-2022-0847-dirty-pipe-sysdig
Url 1 https://twitter.com/jonasl/status/1501840914381258756?s=20&t=miwwwxpl5t0jiopvxx5m5q