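Cloud Run threat findings

Security Command Center performs runtime and control plane monitoring of Cloud Run resources. For recommended responses to these threats, see Respond to Cloud Run threat findings.

Runtime finding types

Cloud Run Threat Detection provides the following runtime detections: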

  • Command and Control: Steganography Tool Detected
  • Command and Control: Find Google Cloud Credentials
  • Credential Access: GPG Key Reconnaissance
  • Credential Access: Search Private Keys or Passwords
  • Defense Evasion: Base64 ELF File Command Line
  • Defense Evasion: Base64 Encoded Python Script Executed
  • Defense Evasion: Base64 Encoded Shell Script Executed
  • Defense Evasion: Launch Code Compiler Tool In Container
  • Execution: Added Malicious Binary Executed
  • Execution: Added Malicious Library Loaded
  • Execution: Built in Malicious Binary Executed
  • Execution: Container Escape
  • Execution: Fileless Execution in /memfd:
  • Execution: Kubernetes Attack Tool Execution
  • Execution: Local Reconnaissance Tool Execution
  • Execution: Malicious Python executed
  • Execution: Modified Malicious Binary Executed
  • Execution: Modified Malicious Library Loaded
  • Execution: Netcat Remote Code Execution in Container
  • Execution: Possible Arbitrary Command Execution through CUPS (CVE-2024-47177)
  • Execution: Possible Remote Command Execution Detected
  • Execution: Program Run with Disallowed HTTP Proxy Env
  • Execution: Socat Reverse Shell Detected
  • Execution: Suspicious OpenSSL Shared Object Loaded
  • Exfiltration: Launch Remote File Copy Tools in Container
  • Impact: Detect Malicious Cmdlines
  • Impact: Remove Bulk Data From Disk
  • Impact: Suspicious crypto mining activity using the Stratum Protocol
  • Malicious Script Executed
  • Malicious URL Observed
  • Privilege Escalation: Abuse of Sudo For Privilege Escalation (CVE-2019-14287)
  • Privilege Escalation: Fileless Execution in /dev/shm
  • Privilege Escalation: Polkit Local Privilege Escalation Vulnerability (CVE-2021-4034)
  • Privilege Escalation: Sudo Potential Privilege Escalation (CVE-2021-3156)
  • Reverse Shell
  • Unexpected Child Shell

Control plane finding types

Event Threat Detection provides the following control plane detections:

  • Execution: Cryptomining Docker Image
  • Impact: Cryptomining Commands
  • Privilege Escalation: Default Compute Engine Service Account SetIAMPolicy