MITRE ATT&CK · TA0002 Execution

T1204.003: User Execution: Malicious Image

Last reviewed:

T1204.003 is execution of a poisoned machine or container image: a backdoored public AMI, a typosquatted Docker Hub pull, or a registry image rebuilt with an implant. The supply chain is the attack surface. DCV grounds detection in GCP Security Command Center's EXECUTION_BUILT_IN_MALICIOUS_BINARY and EXECUTION_MODIFIED_MALICIOUS_BINARY container findings, and on Azure in the policy that Kubernetes services use approved images only, backed by registry vulnerability scanning. Pin image digests rather than tags and the typosquat class largely disappears.
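As an added example (not code from DCV, CloudSigma or MITRE), the Python below turns the two mitigations in the paragraph above into an admission-style check over image references: it parses a reference with Docker's registry/repository rules, flags references that are not pinned by a sha256 digest or that come from a registry outside an allow-list, and flags public names within two edits of a known image, which is the typosquat class the paragraph refers to. The allow-lists and the sample references are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed allow-lists for this example. A real deployment would load the
# approved registries and the expected canonical image names from its
# admission policy or registry configuration.
APPROVED_REGISTRIES = {"docker.io", "registry.example.internal"}
KNOWN_GOOD_REPOS = {"library/nginx", "library/redis", "library/python", "library/postgres"}

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


@dataclass
class ImageRef:
    registry: str
    repo: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref: str) -> ImageRef:
    """Split '[registry/]repo[:tag][@sha256:...]' using Docker's reference rules:
    the first path component is a registry only if it contains '.' or ':' or is
    'localhost'; otherwise the image lives on docker.io, and a single-segment
    name is implicitly under 'library/'."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    name, tag = ref, None
    last_colon = ref.rfind(":")
    if last_colon > ref.rfind("/"):  # a ':' after the last '/' starts the tag
        name, tag = ref[:last_colon], ref[last_colon + 1:]
    parts = name.split("/")
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry, repo = parts[0], "/".join(parts[1:])
    else:
        registry, repo = "docker.io", name if "/" in name else "library/" + name
    return ImageRef(registry, repo, tag, digest)


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; used to spot names one or two keystrokes from a known image."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def evaluate(ref: str) -> Tuple[ImageRef, List[str]]:
    """Return the parsed reference and its policy findings (an empty list means clean)."""
    img = parse_image_ref(ref)
    findings = []
    if img.registry not in APPROVED_REGISTRIES:
        findings.append("unapproved-registry")
    if img.digest is None:
        # A mutable tag can be repointed at a rebuilt image; a digest cannot.
        findings.append("not-digest-pinned")
    elif not DIGEST_RE.match(img.digest):
        findings.append("malformed-digest")
    if img.registry == "docker.io" and img.repo not in KNOWN_GOOD_REPOS:
        near = sorted(k for k in KNOWN_GOOD_REPOS if levenshtein(img.repo, k) <= 2)
        findings.append(f"lookalike-of:{near[0]}" if near else "unknown-public-repo")
    return img, findings


if __name__ == "__main__":
    # Constructed sample references: a tagged official image, a digest-pinned one,
    # a lookalike name, and an image from a registry outside the allow-list.
    for ref in ["nginx:1.25", "docker.io/library/nginx@sha256:" + "a" * 64,
                "ngnix:latest", "registry.unknown.example/tools/agent:1.0"]:
        img, findings = evaluate(ref)
        print(f"{ref:60} {img.registry}/{img.repo} -> {findings or 'OK'}")
```

The lookalike check only runs for docker.io names because that is where the allow-list of canonical names applies; images from the internal registry are trusted by origin and still required to be digest-pinned.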

01 What is T1204.003?

Adversaries may rely on a user running a malicious image to facilitate execution. Amazon Web Services (AWS) Amazon Machine Images (AMIs), Google Cloud Platform (GCP) Images, and Azure Images as well as popular container runtimes such as Docker can be backdoored. Backdoored images may be uploaded to a public repository via Upload Malware, and users may then download and deploy an instance or container from the image without realizing the image is malicious, thus bypassing techniques that specifically achieve Initial Access. This can lead to the execution of malicious code, such as code that executes cryptocurrency mining, in the instance or container.

Adversaries may also name images a certain way to increase the chance of users mistakenly deploying an instance or container from the image (ex: Match Legitimate Resource Name or Location).

Platforms: IaaS, Containers.

02 Coverage in DCV

DCV maps 13 detections across 2 cloud providers to T1204.003. Coverage by source:

Source                          Cloud   Findings mapped   Avg confidence
GCP Security Command Center     GCP     5                 0.89
Azure Policy                    Azure   4                 0.86
Microsoft Defender for Cloud    Azure   4                 0.90

03 Detect with CloudSigma

CloudSigma has coverage metadata for 13 T1204.003 rules across 3 platforms, but no public example rule has yet cleared the embed bar for this page. The linked platform page remains the canonical rule surface, and an example will be embedded here once a rule clears that bar. In the meantime, generate a fresh starting-point rule in CloudSigma from the relevant advisory or threat-research input, then validate it against your local telemetry before enabling it in production.
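The guidance above starts from the Security Command Center finding categories and asks you to validate against your own telemetry. As an added example (not DCV's or CloudSigma's code), the Python below runs that triage logic over constructed SCC notification messages: it keeps only active findings in the two mapped categories, pulls out the container image references, notes whether they are digest-pinned, and tags the result with T1204.003. The top-level "finding" envelope and its category, state, severity, resourceName and eventTime fields follow the SCC Finding resource; the kubernetes.pods[].containers[].imageUri path and every sample value are assumptions made for the example.

```python
import json
from typing import Dict, List, Optional

# Security Command Center container-threat categories this page maps to T1204.003.
MAPPED_CATEGORIES = {
    "EXECUTION_BUILT_IN_MALICIOUS_BINARY",   # malicious binary shipped inside the pulled image
    "EXECUTION_MODIFIED_MALICIOUS_BINARY",   # binary altered inside the running container
}


def _message(category: str, state: str, image_uri: str, finding_id: str) -> str:
    """Build one constructed SCC-style notification; the kubernetes/pods/containers/
    imageUri layout is an assumption for this example."""
    return json.dumps({"finding": {
        "name": f"organizations/EXAMPLE/sources/EXAMPLE/findings/{finding_id}",
        "category": category,
        "state": state,
        "severity": "CRITICAL",
        "resourceName": "//container.googleapis.com/projects/example-proj/zones/us-central1-a"
                        "/clusters/prod/k8s/namespaces/web/pods/web-7d9f",
        "eventTime": "2026-06-11T10:15:00Z",
        "kubernetes": {"pods": [{"ns": "web", "name": "web-7d9f",
                                 "containers": [{"name": "app", "imageUri": image_uri}]}]},
    }})


# Constructed samples: an active built-in finding on a tag-pulled image, an active
# modified-binary finding on a digest-pinned image, and an inactive (resolved) finding.
SAMPLE_MESSAGES = [
    _message("EXECUTION_BUILT_IN_MALICIOUS_BINARY", "ACTIVE",
             "docker.io/someuser/web-app:latest", "f1"),
    _message("EXECUTION_MODIFIED_MALICIOUS_BINARY", "ACTIVE",
             "registry.example.internal/web/app@sha256:" + "c" * 64, "f2"),
    _message("EXECUTION_BUILT_IN_MALICIOUS_BINARY", "INACTIVE",
             "docker.io/someuser/web-app:latest", "f3"),
]


def triage_message(message: str) -> Optional[Dict]:
    """Return a normalized alert for an active finding in a mapped category, else None."""
    finding = json.loads(message).get("finding", {})
    if finding.get("category") not in MAPPED_CATEGORIES or finding.get("state") != "ACTIVE":
        return None
    images = [c["imageUri"]
              for pod in finding.get("kubernetes", {}).get("pods", [])
              for c in pod.get("containers", []) if c.get("imageUri")]
    return {
        "technique": "T1204.003",
        "tactic": "TA0002",
        "category": finding["category"],
        "severity": finding.get("severity", "UNKNOWN"),
        "resource": finding.get("resourceName"),
        "images": images,
        # Built-in findings on a digest-pinned image point at the pinned source itself,
        # not at a tag that was repointed; that changes where the investigation starts.
        "pinned_by_digest": bool(images) and all("@sha256:" in u for u in images),
        "event_time": finding.get("eventTime"),
    }


def triage_all(messages: List[str]) -> List[Dict]:
    """Run triage over a batch of notification messages, dropping non-matching ones."""
    return [alert for alert in (triage_message(m) for m in messages) if alert]


if __name__ == "__main__":
    for alert in triage_all(SAMPLE_MESSAGES):
        print(f"{alert['category']:40} pinned={alert['pinned_by_digest']} {alert['images']}")
```

When validating against real telemetry, compare the categories and the kubernetes path in your own notification payloads against this shape before relying on the image extraction; the category filter is the part the page supports directly.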

04 Related techniques

05 FAQ

What is T1204.003 (User Execution: Malicious Image)?

T1204.003 is execution of a poisoned machine or container image: a backdoored public AMI, a typosquatted Docker Hub pull, or a registry image rebuilt with an implant. The supply chain is the attack surface. DCV grounds detection in GCP Security Command Center's EXECUTION_BUILT_IN_MALICIOUS_BINARY and EXECUTION_MODIFIED_MALICIOUS_BINARY container findings, and on Azure in the policy that Kubernetes services use approved images only, backed by registry vulnerability scanning. Pin image digests rather than tags and the typosquat class largely disappears.

Where does T1204.003 appear in cloud detection sources?

DCV maps 13 cloud-native detections to T1204.003 across 2 cloud providers, drawn from Azure Policy, GCP Security Command Center and Microsoft Defender for Cloud.

What MITRE ATT&CK tactic does T1204.003 belong to?

T1204.003 is part of MITRE ATT&CK TA0002 Execution, the tactic covering how adversaries run their code once inside.

How does CloudSigma fit for T1204.003?

CloudSigma ships 3 validated Sigma rules for T1204.003 across AWS CloudTrail, Azure Activity and GCP Audit Logs. Each rule is validated against its source SIEM dialect before publication.

Sources
  • MITRE ATT&CK, T1204.003 User Execution: Malicious Image, https://attack.mitre.org/techniques/T1204/003/
  • MITRE ATT&CK, Tactic TA0002 Execution, https://attack.mitre.org/tactics/TA0002/
  • MITRE Center for Threat-Informed Defense, Security Stack Mappings, https://center-for-threat-informed-defense.github.io/security-stack-mappings/
Last verified: 2026-06-11