Container Administration Command (T1609)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Container Administration Command

Associated Tactics

  • Execution

Execution (TA0002)

The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.

View on ATT&CK

Procedure Examples

Description Source(s)
Docker. (n.d.). Docker Exec. Retrieved March 29, 2021. Docker Exec
Docker. (n.d.). Docker run reference. Retrieved March 29, 2021. Docker Entrypoint
Docker. (n.d.). DockerD CLI. Retrieved March 29, 2021. Docker Daemon CLI
The Kubernetes Authors. (n.d.). Get a Shell to a Running Container. Retrieved March 29, 2021. Kubectl Exec Get Shell
The Kubernetes Authors. (n.d.). Kubelet. Retrieved March 29, 2021. Kubernetes Kubelet
The Kubernetes Authors. (n.d.). The Kubernetes API. Retrieved March 29, 2021. Kubernetes API