MITRE ATT&CK · TA0003 Persistence

T1525 Implant Internal Image

Detection coverage in DCV across AWS, Azure and GCP for Implant Internal Image, plus the corresponding Sigma rules in the CloudSigma library. Source data refreshed 2026-04-24.

01 What is T1525?

Adversaries may implant cloud or container images with malicious code to establish persistence after gaining access to an environment. Amazon Web Services (AWS) Amazon Machine Images (AMIs), Google Cloud Platform (GCP) Images, and Azure Images as well as popular container runtimes such as Docker can be implanted or backdoored. Unlike Upload Malware, this technique focuses on adversaries implanting an image in a registry within a victim’s environment. Depending on how the infrastructure is provisioned, this could provide persistent access if the infrastructure provisioning tool is instructed to always use the latest image.

A tool has been developed to facilitate planting backdoors in cloud container images. If an adversary has access to a compromised AWS instance and permissions to list the available container images, they may implant a backdoor such as a web shell.

Platforms: IaaS, Containers.
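
The "always use the latest image" case above is what turns an implanted image into persistence: nothing in the deployment references a fixed artifact, so whatever was pushed most recently runs. As an added example (not DCV or CloudSigma code), the following Python audits a Kubernetes manifest and a Terraform aws_ami data source for references that float to the newest image; digest-pinned references are reported as safe, tagged ones as mutable, and untagged, :latest or most_recent = true selectors as floating. The manifest, the Terraform snippet and the registry and repository names are constructed for illustration.

```python
"""Audit provisioning input for image references that float to the newest image.

Added example, not DCV or CloudSigma code. The manifest and Terraform text below
are constructed for illustration; registry and repository names are made up.
"""
import re

IMAGE_LINE = re.compile(r'^[ \t]*(?:-[ \t]*)?image:[ \t]*["\']?([^\s"\']+)', re.M)  # Kubernetes/compose image: lines
MOST_RECENT = re.compile(r'^[ \t]*most_recent[ \t]*=[ \t]*true\b', re.M)            # Terraform aws_ami data source
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def parse_image_ref(ref):
    """Split an OCI reference into name, tag and digest (None when absent)."""
    name, _, digest = ref.partition("@")
    head, sep, last = name.rpartition(":")
    tag = None
    if sep and "/" not in last:   # ':' introduces a tag only when no '/' follows it; otherwise it is a registry port
        name, tag = head, last
    return {"name": name, "tag": tag, "digest": digest or None}


def classify(ref):
    """How an image reference resolves at deploy time."""
    parts = parse_image_ref(ref)
    if parts["digest"]:
        # content address: re-pushing a tag cannot change what this reference runs
        return "pinned" if DIGEST_RE.match(parts["digest"]) else "malformed-digest"
    if parts["tag"] in (None, "latest"):
        return "floating"         # resolves to whatever was pushed most recently: T1525's persistence hook
    return "mutable-tag"          # can be re-pushed unless the registry enforces tag immutability


def audit(text):
    """Return one finding per image reference or most_recent AMI selector, in line order."""
    findings = []
    for m in IMAGE_LINE.finditer(text):
        findings.append({"line": text.count("\n", 0, m.start()) + 1,
                         "ref": m.group(1), "verdict": classify(m.group(1))})
    for m in MOST_RECENT.finditer(text):
        findings.append({"line": text.count("\n", 0, m.start()) + 1,
                         "ref": m.group(0).strip(), "verdict": "floating"})
    return sorted(findings, key=lambda f: f["line"])


# Constructed inputs (not taken from any real deployment).
SAMPLE_MANIFEST = """\
apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      initContainers:
        - name: init
          image: busybox
      containers:
        - name: api
          image: registry.example.com:5000/team/api:latest
        - name: proxy
          image: "nginx:1.27.0"
        - name: worker
          image: ghcr.io/example-org/worker@sha256:a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3d4
"""

SAMPLE_TERRAFORM = """\
data "aws_ami" "app" {
  most_recent = true
  owners      = ["self"]
  filter {
    name   = "name"
    values = ["app-base-*"]
  }
}
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_MANIFEST) + audit(SAMPLE_TERRAFORM):
        print(f"line {f['line']:>2}  {f['verdict']:<16} {f['ref']}")
```

The registry-port rule in parse_image_ref matters in practice: a private registry such as registry.example.com:5000/team/api has a colon but no tag, and a naive split on ":" would report a tag of "5000/team/api" and miss that the reference floats.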

02 Coverage in DCV

DCV maps 27 detections across 3 cloud providers to T1525. Coverage by source:

Source                          Cloud   Findings mapped   Avg confidence
Azure Policy                    Azure   8                 0.89
AWS Config Rules                AWS     6                 0.55
GCP Security Command Center     GCP     6                 0.87
Microsoft Defender for Cloud    Azure   6                 0.94
AWS Inspector                   AWS     1                 0.75

03 Detect with CloudSigma

CloudSigma ships 3 Sigma rules that detect T1525 across 3 platforms. Every rule is validated against its source SIEM dialect before publication; rules with status experimental, like the one below, still need environment-specific tuning before they go to production.

Example: AWS Container Image Implant via ECR Push

This rule is currently experimental. CloudSigma generated it from upstream threat intelligence. As written, the selection fires on every ECR push, repository creation and image deletion, including routine CI/CD publishing, so before enabling it in production review the falsepositives section and add a filter for your known automation: in Sigma terms, a filter on userIdentity.sessionContext.sessionIssuer.arn matching the pipeline's publishing role (with the condition changed to selection and not that filter), plus the source IP ranges and service accounts you expect to push images. Pushes from principals that are not on that list, especially EC2 instance roles and human users, are the hits worth triaging.

Sigma rule · CloudSigma 2026-02-06
title: AWS Container Image Implant via ECR Push
id: 5d4ede0d-fe82-48ab-8ce4-e0607ac0e924
status: experimental
description: Detects pushing of container images to ECR repositories, repository creation and image deletion
  that may indicate implanting a backdoored internal image. Adversaries may implant malicious images that
  execute when containers are deployed, or delete an existing tag and re-push it so that deployments which
  already reference that tag pick up the backdoored image.
author: CloudSigma
date: 2026-02-06
references:
- https://attack.mitre.org/techniques/T1525/
- https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-push.html
tags:
- attack.persistence
- attack.t1525
logsource:
  product: aws
  service: cloudtrail
detection:
  selection:
    eventSource: ecr.amazonaws.com
    eventName:
    - PutImage            # a push completes with PutImage; the individual layer uploads are not selected
    - CreateRepository    # a new repository under the adversary's control
    - BatchDeleteImage    # removing an existing tag, typically just before re-pushing it
  condition: selection
falsepositives:
- Legitimate container image publishing by CI/CD pipelines
- Authorized ECR repository management
level: medium

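
To see what the selection above actually matches, and what the CI/CD tuning removes, here is an added Python example (not CloudSigma tooling) that applies the rule's selection to CloudTrail records, drops an assumed CI publishing role by its sessionIssuer ARN, and raises the delete-then-re-push of an existing tag to high. The account ID, role names, repository names and IP addresses are constructed; the CI role allowlist is an assumption to be replaced with your own.

```python
"""Apply the ECR rule's selection to CloudTrail records and tune out a CI publisher.

Added example, not CloudSigma tooling. Account ID, role names, repositories and
addresses below are constructed; the CI role allowlist is an assumption.
"""

# Selection copied from the Sigma rule.
RULE_EVENT_SOURCE = "ecr.amazonaws.com"
RULE_EVENT_NAMES = {"PutImage", "CreateRepository", "BatchDeleteImage"}

# Tuning: roles expected to publish images (hypothetical ARN, replace with yours).
KNOWN_CI_ROLE_ARNS = {"arn:aws:iam::111122223333:role/ci-ecr-publisher"}


def principal_arn(record):
    """ARN of the acting principal; assumed-role sessions carry the role under sessionIssuer."""
    ident = record.get("userIdentity", {})
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
    return issuer.get("arn") or ident.get("arn", "")


def matches_selection(record):
    return (record.get("eventSource") == RULE_EVENT_SOURCE
            and record.get("eventName") in RULE_EVENT_NAMES)


def image_tags(record):
    """Tags named in the request: imageTag for PutImage, imageIds[].imageTag for BatchDeleteImage."""
    req = record.get("requestParameters") or {}
    if "imageTag" in req:
        return [req["imageTag"]]
    return [i["imageTag"] for i in req.get("imageIds", []) if "imageTag" in i]


def evaluate(records):
    """Rule hits minus the tuned-out CI role; a tag that was deleted and then re-pushed is raised to high."""
    alerts, deleted = [], set()
    for rec in sorted(records, key=lambda r: r["eventTime"]):
        if not matches_selection(rec) or principal_arn(rec) in KNOWN_CI_ROLE_ARNS:
            continue
        repo = (rec.get("requestParameters") or {}).get("repositoryName")
        tags, level = image_tags(rec), "medium"
        if rec["eventName"] == "BatchDeleteImage":
            deleted.update((repo, t) for t in tags)
        elif rec["eventName"] == "PutImage" and any((repo, t) in deleted for t in tags):
            level = "high"   # existing tag removed and replaced: the image implant pattern
        alerts.append({"eventName": rec["eventName"], "principal": principal_arn(rec),
                       "repository": repo, "tags": tags,
                       "sourceIP": rec.get("sourceIPAddress"), "level": level})
    return alerts


# Constructed CloudTrail records (the shape of entries under "Records" in a CloudTrail log file).
def _rec(time, name, identity, params, ip="203.0.113.10", source="ecr.amazonaws.com"):
    return {"eventVersion": "1.08", "eventTime": time, "eventSource": source, "eventName": name,
            "awsRegion": "eu-west-1", "sourceIPAddress": ip, "userIdentity": identity,
            "requestParameters": params}

CI_SESSION = {"type": "AssumedRole",
              "arn": "arn:aws:sts::111122223333:assumed-role/ci-ecr-publisher/build-8812",
              "sessionContext": {"sessionIssuer": {"type": "Role",
                                                   "arn": "arn:aws:iam::111122223333:role/ci-ecr-publisher"}}}
IAM_USER = {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/contractor"}
INSTANCE_ROLE = {"type": "AssumedRole",
                 "arn": "arn:aws:sts::111122223333:assumed-role/web-instance-role/i-0abc123",
                 "sessionContext": {"sessionIssuer": {"type": "Role",
                                                      "arn": "arn:aws:iam::111122223333:role/web-instance-role"}}}

SAMPLE_RECORDS = [
    _rec("2026-04-20T09:00:00Z", "PutImage", CI_SESSION,
         {"repositoryName": "payments-api", "imageTag": "v1.4.2"}),                       # routine CI push
    _rec("2026-04-20T13:05:00Z", "BatchDeleteImage", IAM_USER,
         {"repositoryName": "payments-api", "imageIds": [{"imageTag": "v1.4.2"}]}, ip="198.51.100.7"),
    _rec("2026-04-20T13:06:30Z", "PutImage", IAM_USER,
         {"repositoryName": "payments-api", "imageTag": "v1.4.2"}, ip="198.51.100.7"),   # same tag re-pushed
    _rec("2026-04-20T14:10:00Z", "CreateRepository", INSTANCE_ROLE, {"repositoryName": "tools"}),
    _rec("2026-04-20T14:12:00Z", "RunInstances", INSTANCE_ROLE, {}, source="ec2.amazonaws.com"),
]

if __name__ == "__main__":
    for a in evaluate(SAMPLE_RECORDS):
        print(a["level"], a["eventName"], a["principal"], a["repository"], a["tags"], a["sourceIP"])
```

Against these records the CI push is filtered, the ec2 event never matches the selection, and three alerts remain: the contractor's delete (medium), the contractor's re-push of the same tag (high) and the instance role creating a repository (medium). Matching on sessionIssuer.arn rather than the session ARN is deliberate: the assumed-role session name (build-8812 here) changes on every run, while the issuing role does not.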

04 Related techniques

Sources
  • MITRE ATT&CK, T1525 Implant Internal Image, https://attack.mitre.org/techniques/T1525/
  • MITRE ATT&CK, TA0003 Persistence, https://attack.mitre.org/tactics/TA0003/
  • MITRE Center for Threat-Informed Defense, Security Stack Mappings, https://center-for-threat-informed-defense.github.io/security-stack-mappings/
Last verified: 2026-04-24