Siloscape - S0623 (4fbd565b-bf55-4ac7-80b4-b183a7b64b9c)

Siloscape is malware that targets Kubernetes clusters through Windows containers. Siloscape was first observed in March 2021.(Citation: Unit 42 Siloscape Jun 2021)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) | Attack Pattern | Siloscape - S0623 (4fbd565b-bf55-4ac7-80b4-b183a7b64b9c) | Malware | 1 |
| Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) | Attack Pattern | Siloscape - S0623 (4fbd565b-bf55-4ac7-80b4-b183a7b64b9c) | Malware | 1 |
| Siloscape - S0623 (4fbd565b-bf55-4ac7-80b4-b183a7b64b9c) | Malware | Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) | Attack Pattern | 1 |
| Siloscape - S0623 (4fbd565b-bf55-4ac7-80b4-b183a7b64b9c) | Malware | Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | 1 |
| Siloscape - S0623 (4fbd565b-bf55-4ac7-80b4-b183a7b64b9c) | Malware | Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1) | Attack Pattern | 1 |
| Siloscape - S0623 (4fbd565b-bf55-4ac7-80b4-b183a7b64b9c) | Malware | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 1 |
| Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) | Attack Pattern | Siloscape - S0623 (4fbd565b-bf55-4ac7-80b4-b183a7b64b9c) | Malware | 1 |
| Siloscape - S0623 (4fbd565b-bf55-4ac7-80b4-b183a7b64b9c) | Malware | Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) | Attack Pattern | 1 |
| Siloscape - S0623 (4fbd565b-bf55-4ac7-80b4-b183a7b64b9c) | Malware | Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) | Attack Pattern | 1 |
| Siloscape - S0623 (4fbd565b-bf55-4ac7-80b4-b183a7b64b9c) | Malware | Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | 1 |
| Siloscape - S0623 (4fbd565b-bf55-4ac7-80b4-b183a7b64b9c) | Malware | Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) | Attack Pattern | 1 |
| Siloscape - S0623 (4fbd565b-bf55-4ac7-80b4-b183a7b64b9c) | Malware | Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | 1 |
| Siloscape - S0623 (4fbd565b-bf55-4ac7-80b4-b183a7b64b9c) | Malware | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 1 |
| Siloscape - S0623 (4fbd565b-bf55-4ac7-80b4-b183a7b64b9c) | Malware | Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665) | Attack Pattern | 1 |
| Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) | Attack Pattern | Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) | Attack Pattern | 2 |
| Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) | Attack Pattern | Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) | Attack Pattern | 2 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 2 |