T1525

Implant Internal Image

Adversaries may implant cloud or container images with malicious code to establish persistence after gaining access to an environment. Amazon Web Services (AWS) Amazon Machine Images (AMIs), Google Cloud Platform (GCP) Images, and Azure Images as well as popular container runtimes such as Docker can be implanted or backdoored. Unlike [Upload Malware](https://attack.mitre.org/techniques/T1608/001), this technique focuses on adversaries implanting an image in a registry within a victim’s environme...

IaaSContainers

Detections

Sources

Threat Actors

BY SOURCE

1sigma

PROCEDURES (1)

Cloud Monitoring1 detections

Auto-extracted: 1 detections for cloud monitoring

DETECTIONS (1)

AWS ECS Task Definition That Queries The Credential Endpoint

sigmamedium