Méthode
—
Port
2375
Chemin / cible
—
Pourquoi cette classification : Type « docker_api_probe » (signaux protocolaires) · confiance 0%
Confiance classification
0%
Tactiques MITRE
TA0007
TA0001
User-Agent
—
Règles WAF
—
Payload (extrait)
GET /containers/json HTTP/1.1
Host: 62.3.50.33:2375
Upgrade-Insecure-Requests: 1
Accept: */*
User-Agent: libredtail-http
Co
Requête brute (extrait)
GET /containers/json HTTP/1.1 Host: 62.3.50.33:2375 Upgrade-Insecure-Requests: 1 Accept: */* User-Agent: libredtail-http Connection: keep-alive
Meta JSON brut
{
"protocol_emulated": true,
"emulator_response": "485454502f312e3120323030204f4b0d0a436f6e74656e742d547970653a206170706c69636174696f6e2f6a736f6e0d0a5365727665723a20446f636b65722f32342e302e350d0a436f6e74656e742d4c656e6774683a2036380d0a0d0a7b2241706956657273696f6e223a22312e3431222c2256657273696f6e223a223234",
"emulator_response_len": 162,
"bytes_in": 152,
"payload_entropy": 5.075158621190941,
"port_category": "registered",
"org": "282, Sector 19",
"service": "docker",
"app_proto": "docker",
"asn": 132420,
"country": "IN",
"dst_port": 2375,
"risk_waf": 8,
"risk_classification": 60,
"risk_behavior": 0,
"risk_geo": 0,
"risk_protocol": 40,
"risk_novelty": 25,
"risk_boost": 0,
"risk_granularity": 4.8,
"risk_breakdown": {
"waf": 8,
"classification": 60,
"behavior": 0,
"geo": 0,
"protocol": 40,
"novelty": 25
},
"risk_score": 13,
"tag_count": 5,
"anomaly_count": 0,
"campaign_key": "8c1839cdbd9fa9388eb8b04668a8b57ccf5e28c3",
"event_fingerprint": "00a875d783a0dbdbe0de1f97f4b47b47ab6b3d3e",
"classification_reason": "Type \u00ab docker_api_probe \u00bb (signaux protocolaires) \u00b7 confiance 0%",
"confidence": 0,
"classification_confidence": 0,
"precision_score": 0,
"precision_signals": [],
"kb_rule_ids": [],
"risk_confidence_factor": 0,
"city": null,
"is_datacenter": false,
"is_tor_hint": false,
"geo": {
"country": "IN",
"asn": 132420,
"org": "282, Sector 19",
"is_datacenter": false,
"is_tor_hint": false
},
"fingerprint": {
"payload_hash": "9df25169aee9aae66685b05dc1ebd060",
"path_pattern_hash": "f1831d9f4a5a77b3112c071eb8abe3e6"
},
"target_context": {
"dst_port": 2375,
"service": "docker"
},
"payload_preview": "GET \/containers\/json HTTP\/1.1\r\nHost: 62.3.50.33:2375\r\nUpgrade-Insecure-Requests: 1\r\nAccept: *\/*\r\nUser-Agent: libredtail-http\r\nCo",
"request_sample": "GET \/containers\/json HTTP\/1.1\r\nHost: 62.3.50.33:2375\r\nUpgrade-Insecure-Requests: 1\r\nAccept: *\/*\r\nUser-Agent: libredtail-http\r\nConnection: keep-alive\r\n\r\n",
"payload_snippet": "GET \/containers\/json HTTP\/1.1\r\nHost: 62.3.50.33:2375\r\nUpgrade-Insecure-Requests: 1\r\nAccept: *\/*\r\nUser-Agent: libredtail-http\r\nCo",
"evidence": {
"request_sample": "GET \/containers\/json HTTP\/1.1\r\nHost: 62.3.50.33:2375\r\nUpgrade-Insecure-Requests: 1\r\nAccept: *\/*\r\nUser-Agent: libredtail-http\r\nConnection: keep-alive\r\n\r\n",
"payload_snippet": "GET \/containers\/json HTTP\/1.1\r\nHost: 62.3.50.33:2375\r\nUpgrade-Insecure-Requests: 1\r\nAccept: *\/*\r\nUser-Agent: libredtail-http\r\nCo",
"classification_reason": "Type \u00ab docker_api_probe \u00bb (signaux protocolaires) \u00b7 confiance 0%"
},
"attack_stage": "probe",
"mitre_tactics": [
"TA0007",
"TA0001"
],
"threat_family": [
"cloud_infra_scan"
],
"recommended_client_action": "monitor",
"policy_mode": "intelligence",
"sensor_role": "threat_intelligence",
"event_signature": "4ba5991f888bef4bc722977daace814b9b3f2dcd",
"ban_policy": "advisory_monitor",
"tags_list": [
"docker_api_probe",
"docker_emulated",
"docker_payload",
"http_get_probe",
"net_docker_api_probe"
]
}
|