Skip to content

DS0032 Container

A standard unit of virtualized software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another1

Item Value
ID DS0032
Platforms Containers
Collection Layers Container
Version 1.0
Created 20 October 2021
Last Modified 10 November 2021

Data Components

Container Creation

Initial construction of a new container (ex: docker create )

Domain ID Name
enterprise T1610 Deploy Container
enterprise T1611 Escape to Host
enterprise T1053 Scheduled Task/Job
enterprise T1053.007 Container Orchestration Job
enterprise T1204 User Execution
enterprise T1204.003 Malicious Image

Container Enumeration

An extracted list of containers (ex: docker ps)

Domain ID Name
enterprise T1613 Container and Resource Discovery

Container Start

Activation or invocation of a container (ex: docker start or docker restart)

Domain ID Name
enterprise T1610 Deploy Container
enterprise T1204 User Execution
enterprise T1204.003 Malicious Image

References

  1. docker docs. (n.d.). Containers. Retrieved October 13, 2021.