A standard unit of virtualized software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another[1]
Initial construction of a new container (ex: docker create
Initial construction of a new container (ex: docker create
| Domain | ID | Name | |
|---|---|---|---|
| Enterprise | T1610 | Deploy Container | |
| Enterprise | T1611 | Escape to Host | |
| Enterprise | T1053 | Scheduled Task/Job | |
| .007 | Container Orchestration Job | ||
| Enterprise | T1204 | User Execution | |
| .003 | Malicious Image | ||
An extracted list of containers (ex: docker ps)
An extracted list of containers (ex: docker ps)
| Domain | ID | Name | |
|---|---|---|---|
| Enterprise | T1613 | Container and Resource Discovery | |
Contextual data about a container and activity around it such as name, ID, image, or status
Contextual data about a container and activity around it such as name, ID, image, or status
| Domain | ID | Name | |
|---|---|---|---|
| Enterprise | T1613 | Container and Resource Discovery | |
Activation or invocation of a container (ex: docker start or docker restart)
Activation or invocation of a container (ex: docker start or docker restart)
| Domain | ID | Name | |
|---|---|---|---|
| Enterprise | T1610 | Deploy Container | |
| Enterprise | T1204 | User Execution | |
| .003 | Malicious Image | ||