EXPLORE
Sign In
← Back to Explore
T1610

Deploy Container

Adversaries may deploy a container into an environment to facilitate execution or evade defenses. In some cases, adversaries may deploy a new container to execute processes associated with a particular image or deployment, such as processes that execute or download malware. In others, an adversary may deploy a new container configured without network rules, user limitations, etc. to bypass existing defenses within the environment. In Kubernetes environments, an adversary may attempt to deploy a ...

Containers
16
Detections
1
Sources
1
Threat Actors

BY SOURCE

16elastic

PROCEDURES (13)

Privilege3 detections

Auto-extracted: 3 detections for privilege

Unusual2 detections

Auto-extracted: 2 detections for unusual

Api1 detections

Auto-extracted: 1 detections for api

Lateral1 detections

Auto-extracted: 1 detections for lateral

Process Creation Monitoring1 detections

Auto-extracted: 1 detections for process creation monitoring

Registry Monitoring1 detections

Auto-extracted: 1 detections for registry monitoring

Kubernetes1 detections

Auto-extracted: 1 detections for kubernetes

Privilege1 detections

Auto-extracted: 1 detections for privilege

Lateral1 detections

Auto-extracted: 1 detections for lateral

Kubernetes1 detections

Auto-extracted: 1 detections for kubernetes

Persist1 detections

Auto-extracted: 1 detections for persist

Unusual1 detections

Auto-extracted: 1 detections for unusual

Lateral1 detections

Auto-extracted: 1 detections for lateral

THREAT ACTORS (1)

TeamTNT

DETECTIONS (16)

Direct Interactive Kubernetes API Request by Unusual Utilities
elasticlow
Kubectl Apply Pod from URL
elasticlow
Kubernetes Anonymous User Create/Update/Patch Pods Request
elasticmedium
Kubernetes Container Created with Excessive Linux Capabilities
elasticmedium
Kubernetes Pod Created with a Sensitive hostPath Volume
elasticmedium
Kubernetes Pod Created With HostIPC
elasticmedium
Kubernetes Pod Created With HostNetwork
elasticmedium
Kubernetes Pod Created With HostPID
elasticmedium
Kubernetes Privileged Pod Created
elasticmedium
Kubernetes Sensitive Configuration File Activity
elasticmedium
Pod or Container Creation with Suspicious Command-Line
elasticmedium
Potential Kubectl Masquerading via Unexpected Process
elasticmedium
Potential Privilege Escalation through Writable Docker Socket
elasticmedium
Potential Privilege Escalation via Container Misconfiguration
elastichigh
Privileged Container Creation with Host Directory Mount
elastichigh
Privileged Docker Container Creation
elasticmedium