
          ATT&CK-CN V1.01 Last Update: 2019-11

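          Translators: 林妙倩 (cyberspace security intern, Institute for Network Sciences and Cyberspace, Tsinghua University) and 戴亦侖 (賽寧網安). This is an original translation; please obtain the translators' consent before reproducing it.

          Data source: ATT&CK Matrices

          Original: https://attack.mitre.org/techniques/T1525

          Glossary: /attack/glossary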

          Implant Container Image

          Amazon Web Services (AWS) Amazon Machine Images (AMI), Google Cloud Platform (GCP) Images, and Azure Images, as well as popular container runtimes such as Docker, can be implanted or backdoored to include malicious code. Depending on how the infrastructure is provisioned, this could provide persistent access if the infrastructure provisioning tool is instructed to always use the latest image.

          A tool has been developed to facilitate planting backdoors in cloud container images. If an attacker has access to a compromised AWS instance, and permissions to list the available container images, they may implant a backdoor such as a web shell. Adversaries may also implant Docker images that may be inadvertently used in cloud deployments, which has been reported in some instances of cryptomining botnets.

          Tags

          ID: T1525

          Tactic: Persistence

          Platform: GCP, Azure, AWS

          Permissions Required: user

          Mitigations

          Mitigation | Description
          Audit (M1047) | Periodically check the integrity of images and containers used in cloud deployments to ensure they have not been modified to include malicious software.
          Code Signing (M1045) | Several cloud service providers support content trust models that require container images be signed by trusted sources. [4] [5]
          Privileged Account Management (M1026) | Limit permissions associated with creating and modifying platform images or containers based on the principle of least privilege.
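
The Audit mitigation above, sketched as an added example (not part of the ATT&CK entry or the translation): a Python check that compares deployed image references against a baseline of approved digests and flags references that depend on a mutable tag such as `latest`. The registry name, repositories and digests are constructed sample values, and the finding labels are names chosen for this example.

```python
import re

# Constructed baseline: repository -> digest recorded when the image was built and reviewed.
APPROVED = {
    "registry.example:5000/web/frontend": "sha256:" + "a" * 64,
    "registry.example:5000/jobs/worker": "sha256:" + "b" * 64,
}

# Constructed inventory: image references as they might appear in deployment manifests.
DEPLOYED = [
    "registry.example:5000/web/frontend:1.4@sha256:" + "a" * 64,  # pinned, matches
    "registry.example:5000/jobs/worker@sha256:" + "c" * 64,       # pinned, digest drifted
    "registry.example:5000/web/frontend:latest",                  # mutable tag only
    "registry.example:5000/tools/debug:2.0",                      # not in the baseline
]

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def parse_ref(ref):
    """Split an image reference into (repository, tag, digest)."""
    name, _, digest = ref.partition("@")
    tag = None
    # A colon after the last slash is a tag; an earlier one is a registry port.
    slash, colon = name.rfind("/"), name.rfind(":")
    if colon > slash:
        name, tag = name[:colon], name[colon + 1:]
    return name, tag, digest or None


def audit(deployed, approved):
    """Return (reference, finding) pairs for every reference that fails the check."""
    findings = []
    for ref in deployed:
        repo, _tag, digest = parse_ref(ref)
        if repo not in approved:
            findings.append((ref, "unknown-image"))
        elif digest is None:
            # A bare tag (or implicit latest) resolves to whatever was pushed last.
            findings.append((ref, "unpinned-tag"))
        elif not DIGEST_RE.match(digest) or digest != approved[repo]:
            findings.append((ref, "digest-mismatch"))
    return findings


if __name__ == "__main__":
    for ref, finding in audit(DEPLOYED, APPROVED):
        print(f"{finding:16} {ref}")
```
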

          Detection

          Monitor interactions with images and containers by users to identify ones that are added or modified anomalously.
