T1525 is the supply-chain persistence technique of planting malicious cloud or container images for re-execution at scale: the trick behind compromised CI/CD chains and attacker-controlled base images. DCV's T1525 mapping is container-native: GCP SCC MALICIOUS_IMAGE and ADDED_BINARY_EXECUTED catch post-build tampering that bypasses initial scanning, with Azure Defender for Container Registries as the preventive baseline. When public registry advisories describe a compromised image, CloudSigma turns that write-up into a Sigma rule for your SIEM.
Adversaries may implant cloud or container images with malicious code to establish persistence after gaining access to an environment. Amazon Web Services (AWS) Amazon Machine Images (AMIs), Google Cloud Platform (GCP) Images, and Azure Images as well as popular container runtimes such as Docker can be implanted or backdoored. Unlike Upload Malware, this technique focuses on adversaries implanting an image in a registry within a victim’s environment. Depending on how the infrastructure is provisioned, this could provide persistent access if the infrastructure provisioning tool is instructed to always use the latest image.
A tool has been developed to facilitate planting backdoors in cloud container images. If an adversary has access to a compromised AWS instance, and permissions to list the available container images, they may implant a backdoor such as a Web Shell.
Platforms: IaaS, Containers.
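The mitigation implied by the description above, as an added example that is not part of this page or of the DCV/CloudSigma products: a small Python audit that extracts every image reference from deployment manifests and reports any that is not pinned to an allowlisted digest, since a planted image only re-executes when provisioning resolves a mutable reference such as `:latest`. The manifest snippets, registry hostname and digest allowlist are constructed.

```python
"""Audit manifests for image references a planted image (T1525) could hijack.
Added example, not code from the page or from DCV/CloudSigma. A re-pushed image
re-executes only if provisioning pulls a mutable reference (':latest' or any tag)
rather than an immutable digest. The manifests and allowlist below are constructed."""
import re
from typing import NamedTuple, Optional

# [registry[:port]/]repo[:tag][@sha256:<64 hex>]; a port counts only when a '/' follows
_REF_RE = re.compile(
    r"^(?P<name>[^:@/\s]+(?::\d+(?=/))?(?:/[^:@/\s]+)*)"
    r"(?::(?P<tag>\w[\w.-]{0,127}))?"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?$")
_IMAGE_LINE_RE = re.compile(r"^\s*-?\s*image:\s*['\"]?([^'\"\s]+)", re.MULTILINE)

class ImageRef(NamedTuple):
    name: str
    tag: Optional[str]
    digest: Optional[str]

def parse_image_ref(ref: str) -> ImageRef:
    m = _REF_RE.match(ref.strip())
    if not m:
        raise ValueError(f"unparseable image reference: {ref!r}")
    return ImageRef(m["name"], m["tag"], m["digest"])

def classify(ref: ImageRef, approved_digests: frozenset) -> str:
    """'pinned' (approved digest), 'pinned-unapproved', 'mutable-tag' or 'implicit-latest'."""
    if ref.digest:
        return "pinned" if ref.digest in approved_digests else "pinned-unapproved"
    if ref.tag is None or ref.tag == "latest":
        return "implicit-latest"  # resolves to whatever was pushed most recently
    return "mutable-tag"  # any tag can be re-pointed at a backdoored image

def audit_manifests(manifests: dict, approved_digests: frozenset) -> dict:
    """Return {manifest_path: [(image, verdict), ...]} for every image not pinned to an approved digest."""
    findings = {}
    for path, text in manifests.items():
        bad = [(img, v) for img in _IMAGE_LINE_RE.findall(text)
               if (v := classify(parse_image_ref(img), approved_digests)) != "pinned"]
        if bad:
            findings[path] = bad
    return findings
# Constructed inputs: one pinned manifest, two that a re-pushed image would hijack.
GOOD_DIGEST = "sha256:" + "ab" * 32
APPROVED = frozenset({GOOD_DIGEST})
SAMPLE_MANIFESTS = {
    "k8s/api.yaml": f"containers:\n  - name: api\n    image: registry.example.com:5000/team/api@{GOOD_DIGEST}\n",
    "k8s/worker.yaml": "containers:\n  - name: worker\n    image: registry.example.com:5000/team/worker:latest\n",
    "k8s/cache.yaml": 'containers:\n  - name: cache\n    image: "redis:7"\n  - name: sidecar\n    image: busybox\n',
}
```

Running `audit_manifests(SAMPLE_MANIFESTS, APPROVED)` leaves `k8s/api.yaml` out of the findings and flags the `:latest`, `redis:7` and bare `busybox` references; the same check can run in CI against real manifests with the allowlist fed from your scanner's approved digests.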
DCV maps 27 detections across 3 cloud providers to T1525. Coverage by source:
| Source | Cloud | Findings mapped | Avg confidence |
|---|---|---|---|
| Azure Policy | Azure | 8 | 0.89 |
| AWS Config Rules | AWS | 6 | 0.55 |
| GCP Security Command Center | GCP | 6 | 0.87 |
| Microsoft Defender for Cloud | Azure | 6 | 0.94 |
| AWS Inspector | AWS | 1 | 0.75 |
CloudSigma has coverage metadata for 27 T1525 rules across 3 platforms, but no public example rule clears the embed bar for this page yet. The linked platform page remains the canonical rule surface, and this page will embed an example once a rule clears that bar. In the meantime, generate a fresh starting-point rule in CloudSigma from the relevant advisory or threat-research input, then validate it against your local telemetry before enabling it in production.
DCV maps 27 cloud-native detections to T1525 across 3 cloud providers, drawn from AWS Config Rules, AWS Inspector, Azure Policy, GCP Security Command Center and Microsoft Defender for Cloud.
T1525 is part of MITRE ATT&CK TA0003 Persistence: how adversaries keep their foothold across reboots and credential rotations.
CloudSigma ships 3 validated Sigma rules for T1525 across AWS CloudTrail, Azure Activity and GCP Audit Logs. Each rule is validated against its source SIEM dialect before publication.