1. Home
  2. Data Sources
  3. Image

Image

A single file used to deploy a virtual machine/bootable disk into an on-premise or third-party cloud environment[1][2]

ID: DS0007
Platform: IaaS
Collection Layer: Cloud Control Plane
Contributors: Center for Threat-Informed Defense (CTID)
Version: 1.0
Created: 20 October 2021
Last Modified: 10 November 2021

Data Components

Image: Image Creation

Initial construction of a virtual machine image (ex: Azure Compute Service Images PUT)

Image: Image Creation

Initial construction of a virtual machine image (ex: Azure Compute Service Images PUT)

Domain ID Name
Enterprise T1612 Build Image on Host
Enterprise T1525 Implant Internal Image
Enterprise T1204 User Execution
.003 Malicious Image

Image: Image Deletion

Removal of a virtual machine image (ex: Azure Compute Service Images DELETE)

Image: Image Deletion

Removal of a virtual machine image (ex: Azure Compute Service Images DELETE)

Domain ID Name
Enterprise T1485 Data Destruction

Image: Image Metadata

Contextual data about a virtual machine image such as name, resource group, state, or type

Image: Image Metadata

Contextual data about a virtual machine image such as name, resource group, state, or type

Domain ID Name
Enterprise T1036 Masquerading
.005 Match Legitimate Name or Location

Image: Image Modification

Changes made to a virtual machine image, including setting and/or control data (ex: Azure Compute Service Images PATCH)

Image: Image Modification

Changes made to a virtual machine image, including setting and/or control data (ex: Azure Compute Service Images PATCH)

Domain ID Name
Enterprise T1525 Implant Internal Image

References

  1. Microsoft. (2021, August 23). Create a managed image of a generalized VM in Azure. Retrieved October 13, 2021.
  1. Amazon. (n.d.). Amazon Machine Images (AMI). Retrieved October 13, 2021.