alert http $EXTERNAL_NET any -> $HOME_NET [2375,2376] (msg:"ET POLICY External Host Creating Docker Container"; flow:established,to_server; content:"POST"; http_method; content:"/containers/create"; http_uri; isdataat:!1,relative; content:"Docker-Client"; http_user_agent; depth:13; fast_pattern; content:"|7b 22|Hostname|22 3a 22|"; http_client_body; depth:13; http_header_names; content:!"Referer"; metadata: former_category POLICY; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/misconfigured-container-abused-to-deliver-cryptocurrency-mining-malware/; classtype:trojan-activity; sid:2026561; rev:2; metadata:attack_target Server, deployment Perimeter, tag Docker, signature_severity Major, created_at 2018_10_29, performance_impact Low, updated_at 2018_10_29;)

Added 2018-10-29 18:07:10 UTC


Topic revision: r1 - 2018-10-29 - TWikiGuest
 
Copyright © Emerging Threats