在主机上构建镜像

Sub-techniques (4)

ID	Name
T1612.001	动态分层构建镜像
T1612.002	合法基础镜像劫持
T1612.003	构建过程指令混淆
T1612.004	本地镜像缓存复用

在主机上构建镜像是指攻击者通过直接调用容器引擎API在目标主机上创建定制化镜像，规避从外部仓库拉取恶意镜像的检测风险。攻击者通常在构建过程中注入恶意组件，利用基础镜像的合法性掩护攻击行为。防御措施包括监控异常镜像构建请求、检测构建指令中的可疑命令，以及分析容器运行时的非常规网络连接。

为应对传统镜像安全扫描和构建行为监控，攻击者发展出多维度匿迹技术，通过镜像层逻辑分离、构建指令混淆、本地资源复用等手法，将恶意操作深度嵌入容器开发生命周期，使攻击行为呈现出与正常开发流程高度一致的特征。

当前镜像构建匿迹技术的核心逻辑聚焦于攻击链的流程融合与信任机制滥用。动态分层构建通过将恶意操作分散到多个合规构建步骤，利用容器层的不可变特性规避增量检测；合法基础镜像劫持借助官方镜像的数字签名信任，在后续层中实施"合法载体+恶意载荷"的组合攻击；构建指令混淆则突破静态分析能力边界，通过语法语义变形隐藏攻击意图；本地缓存复用技术通过最大化利用现有资源，降低攻击行为的网络侧特征。这些技术的共性在于深度利用容器生态的固有特性（如层缓存、多阶段构建、环境变量继承），将恶意行为伪装成开发运维的标准操作，使得基于单一检测维度（如镜像哈希校验、Dockerfile关键字匹配）的防御体系难以生效。

匿迹技术的演进导致传统镜像安全扫描方案的检测精度大幅下降，防御方需构建全生命周期监控体系，实施构建指令的动态语义分析、镜像层的增量行为检测，以及运行时环境的差分校验，同时强化开发环境的访问控制与行为审计能力。

ID: T1612

Sub-techniques: T1612.001, T1612.002, T1612.003, T1612.004

ⓘ

Tactic: 防御规避

ⓘ

Platforms: Containers

Contributors: Assaf Morag, @MoragAssaf, Team Nautilus Aqua Security; Michael Katchinskiy, @michael64194968, Team Nautilus Aqua Security; Roi Kol, @roykol1, Team Nautilus Aqua Security; Vishwas Manral, McAfee

Version: 1.3

Created: 30 March 2021

Last Modified: 15 April 2023

匿迹效应

效应类型	是否存在
特征伪装	✅
行为透明	✅
数据遮蔽	✅
时空释痕	❌

特征伪装

攻击者通过将恶意构建指令与合法开发命令混合编排，使Dockerfile文件在语法结构和操作流程上与正常开发行为一致。例如在安装系统依赖的步骤中嵌入加密载荷下载指令，或利用多阶段构建将攻击链分割到不同镜像层，使得静态检测工具难以识别异常特征。

行为透明

通过复用已有开发工具链（如Docker CLI、CI/CD流水线）实施攻击，恶意镜像构建过程与正常开发活动使用相同的API接口和系统调用，导致安全监控系统无法基于行为模式差异进行有效识别。

数据遮蔽

在构建过程中采用加密通信下载攻击载荷（如通过HTTPS获取恶意组件），并对注入的恶意代码进行混淆处理（如二进制加壳、字符串加密），使得网络流量和镜像层内容均无法通过常规手段解析。

Mitigations

ID	Mitigation	Description
M1047	Audit	Audit images deployed within the environment to ensure they do not contain any malicious components.
M1035	Limit Access to Resource Over Network	Limit communications with the container service to local Unix sockets or remote access via SSH. Require secure port access to communicate with the APIs over TLS by disabling unauthenticated access to the Docker API on port 2375. Instead, communicate with the Docker API over TLS on port 2376.^[1]
M1030	Network Segmentation	Deny direct remote access to internal systems through the use of network proxies, gateways, and firewalls.
M1026	Privileged Account Management	Ensure containers are not running as root by default. In Kubernetes environments, consider defining Pod Security Standards that prevent pods from running privileged containers.^[2]

Detection

ID	Data Source	Data Component	Detects
DS0007	Image	Image Creation	Monitor for unexpected Docker image build requests to the Docker daemon on hosts in the environment.
DS0029	Network Traffic	Network Connection Creation	Monitor for established network communications with anomalous IPs that have never been seen before in the environment that may indicate the download of malicious code.
		Network Traffic Content	Monitor for network traffic associated with requests and/or downloads of container images, especially those that may be anomalous or known malicious.
		Network Traffic Flow	Monitor for established network communications with anomalous IPs that have never been seen before in the environment that may indicate the download of malicious code.

References

Docker. (n.d.). Protect the Docker Daemon Socket. Retrieved March 29, 2021.

National Security Agency, Cybersecurity and Infrastructure Security Agency. (2022, March). Kubernetes Hardening Guide. Retrieved April 1, 2022.