
Operation CrackArmor
AppArmor, Privilege Escalation, Linux
Operation CrackArmor involves critical vulnerabilities in AppArmor that allow local privilege escalation to root. The campaign targets Linux systems, exploiting flaws to gain unauthorized access and control.
Indicators of Compromise
No domains found for this campaign
Campaign Guidance
Remediation, mitigation, notes, history and related intelligence
DETECTIONS
DET0518 - Behavioral Detection of T1498 – Network Denial of Service Across Platforms, Detection Strategy DET05
Data Component | Name | Channel |
Network Connection Creation (DC0082) | WinEventLog:Sysmon | EventCode=3, 22 |
Process Creation (DC0032) | WinEventLog:Sysmon | EventCode=1 |
DET0593 - Detecting OS Credential Dumping via /proc Filesystem Access on Linux, Detection Strategy DET0593 | M
Data Component | Name | Channel |
File Access (DC0055) | auditd:SYSCALL | open, read |
File Modification (DC0061) | auditd:SYSCALL | write |
Process Access (DC0035) | auditd:SYSCALL | ptrace or process_vm_readv |
Process Creation (DC0032) | linux:Sysmon | EventCode=1 |
DET0738 - Detection of Exploitation for Privilege Escalation, Detection Strategy DET0738 | MITRE ATT&CK®
Data Component | Name | Channel |
Application Log Content (DC0038) | Application Log | None |
Observed Countries (3)
DE (433)
GB (46)
US (298)