Description
[Siloscape](https://attack.mitre.org/software/S0623) is malware that targets Kubernetes clusters through Windows containers. [Siloscape](https://attack.mitre.org/software/S0623) was first observed in March 2021. (Citation: Unit 42 Siloscape Jun 2021)
Techniques Used by This Malware
- T1027 — Obfuscated Files or Information
- T1059.003 — Windows Command Shell
- T1068 — Exploitation for Privilege Escalation
- T1069 — Permission Groups Discovery
- T1071 — Application Layer Protocol
- T1083 — File and Directory Discovery
- T1090.003 — Multi-hop Proxy
- T1106 — Native API
- T1134.001 — Token Impersonation/Theft
- T1140 — Deobfuscate/Decode Files or Information
- T1190 — Exploit Public-Facing Application
- T1518 — Software Discovery
- T1609 — Container Administration Command
- T1611 — Escape to Host