Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)

Peirates is a post-exploitation Kubernetes exploitation framework with a focus on gathering service account tokens for lateral movement and privilege escalation. The tool is written in GoLang and publicly available on GitHub.(Citation: Peirates GitHub)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7)	Attack Pattern	1
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Container and Resource Discovery - T1613 (0470e792-32f8-46b0-a351-652bc35e9336)	Attack Pattern	1
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51)	Attack Pattern	1
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1)	Attack Pattern	1
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436)	Attack Pattern	1
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a)	Attack Pattern	1
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92)	Attack Pattern	1
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	1
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	1
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Cloud Storage Object Discovery - T1619 (8565825b-21c8-4518-b75e-cbc4c717a156)	Attack Pattern	1
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3)	Attack Pattern	1
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665)	Attack Pattern	1
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51)	Attack Pattern	2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436)	Attack Pattern	2
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3)	Attack Pattern	2