Skip to content

DC0028 Image Metadata

Item Value
ID DC0028
Version 2.0
Created 20 October 2021
Last Modified 12 November 2025

Log Sources

Name Channel
docker:events docker.events.json
esxi:vmkernel VMX startup messages without associated vCenter inventory records
kubernetes:apiserver Resource creation and update logs

Detection Strategy

ID Name Technique Detected
DET0127 Behavioral Detection of Masquerading Across Platforms via Metadata and Execution Discrepancy T1036
DET0321 Detection Strategy for Hidden Virtual Instance Execution T1564.006
DET0347 Detection Strategy for Masquerading via Legitimate Resource Name or Location T1036.005