Agent Platform Threat Detection overview

A process was executed that contains an argument that is a base64- encoded python script.

If an encoded python script execution is detected, it's a signal that an attacker is trying to encode binary data for transfer to ASCII-only command lines. Attackers can use this technique to evade detection and run malicious code embedded in a python script.

A process was executed that contains an argument that is a base64- encoded shell script.

If an encoded shell script execution is detected, it's a signal that an attacker is trying to encode binary data for transfer to ASCII-only command lines. Attackers can use this technique to evade detection and run malicious code embedded in a shell script.

A process was initiated to launch a code compiler tool within the container environment, indicating a potential attempt to build or modify executable code in an isolated context.

Attackers might use code compilers within containers to develop malicious payloads, inject code into existing binaries, or create tools to bypass security controls, all while operating in a less scrutinized environment to evade detection on the host system.

A process executed a binary that threat intelligence identifies as malicious. This binary was not part of the original agentic workload.

This event strongly suggests that an attacker has control of the workload and is running malicious software.

A process loaded a library that threat intelligence identifies as malicious. This library was not part of the original agentic workload.

This event suggests that an attacker likely has control of the workload and is running malicious software.

A process executed a binary that threat intelligence identifies as malicious. This binary was part of the original agentic workload.

This event might suggest that an attacker is deploying a malicious workload. For example, the actor might have gained control of a legitimate build pipeline and injected the malicious binary into the agentic workload.

A process running inside the container attempted to bypass container isolation by using known exploit techniques or binaries, which threat intelligence identifies as potential threats. A successful escape can allow an attacker to access the host system and potentially compromise the entire environment.

This action suggests that an attacker is exploiting vulnerabilities to gain unauthorized access to the host system or broader infrastructure.

A process was executed using an in-memory file descriptor.

A process launched from an in-memory file might indicate an attacker is trying to bypass other detection methods to execute malicious code.

A process executed a Kubernetes-specific attack tool, which threat intelligence identifies as a potential threat.

This action suggests that an attacker has gained access to the cluster and is using the tool to exploit Kubernetes-specific vulnerabilities or configurations.

A process executed a local reconnaissance tool that is not typically part of the agentic workload. Threat intelligence identifies these tools as potential threats.

This event suggests that an attacker is trying to gather internal system information, such as mapping the infrastructure, identifying vulnerabilities, or collecting data on system configurations.

A machine learning model identified executed Python code as malicious. An attacker can use Python to download tools or files into a compromised environment and execute commands without using binaries.

The detector uses natural language processing (NLP) to analyze the Python code's content. Because this approach isn't based on signatures, detectors can identify known and novel malicious Python code.

A process executed a binary that threat intelligence identifies as malicious. This binary was part of the original agentic workload but was modified at runtime.

This event suggests that an attacker might have control of the workload and is running malicious software.

A process loaded a library that threat intelligence identifies as malicious. This library was part of the original agentic workload but was modified at runtime.

This event suggests that an attacker has control of the workload and is running malicious software.

A machine learning model identified executed Bash code as malicious. An attacker can use Bash to download tools or files into a compromised environment and execute commands without using binaries.

The detector uses NLP to analyze the Bash code's content. Because this approach is not based on signatures, detectors can identify known and novel malicious Bash code.

Agent Platform Threat Detection observed a malicious URL in the argument list of a running process.

The detector compares these URLs against the unsafe web resources lists maintained by the Google Safe Browsing service. If you believe that Google incorrectly classified a URL as a phishing site or malware, report the issue at Reporting Incorrect Data .

A process started with stream redirection to a remote connected socket. The detector looks for stdin bound to a remote socket.

A reverse shell allows an attacker to communicate from a compromised workload to an attacker-controlled machine. The attacker can then command and control the workload—for example, as part of a botnet.

A process that does not normally invoke shells unexpectedly spawned a shell process.

The detector monitors process executions and generates a finding when a known parent process spawns a shell unexpectedly.

Netcat, a versatile networking utility, was executed within the container environment, potentially indicating an attempt to establish unauthorized remote access or exfiltrate data.

The use of Netcat in a containerized environment might signal an attacker's effort to create a reverse shell, enable lateral movement, or execute arbitrary commands, which can compromise system integrity.

This rule detects the foomatic-rip process executing common shell programs, which might indicate that an attacker has exploited CVE-2024-47177. foomatic-rip is part of the OpenPrinting CUPS, an open source printing service that is a part of many Linux distributions. Most container images have this printing service disabled or removed. If this detection occurs, evaluate that this is intended behavior or disable the service immediately.

A process was detected spawning common UNIX commands through a network socket connection, indicating a potential attempt to establish unauthorized remote command execution capabilities.

Attackers frequently utilize techniques that mimic reverse shells to gain interactive control over a compromised system, allowing them to execute arbitrary commands remotely and bypass standard network security measures like firewall restrictions. Detecting command execution over a socket is a strong indicator of malicious remote access.

A program was executed with an HTTP proxy environment variable that is disallowed. This can indicate an attempt to bypass security controls, redirect traffic for malicious purposes, or exfiltrate data through unauthorized channels.

Attackers might configure disallowed HTTP proxies to intercept sensitive information, route traffic through malicious servers, or establish covert communication channels. Detecting the execution of programs with these environment variables is crucial for maintaining network security and preventing data breaches.

The socat command has been used to create a reverse shell.

This rule detects the execution socat to create a reverse shell by redirecting stdin, stdout, and stderr file descriptors. This is a common technique used by attackers to gain remote access to a compromised system.

OpenSSL has been executed to load a custom shared object.

Attackers might load custom libraries and replace existing libraries used by OpenSSL in order to run malicious code. Its use in production is uncommon and should warrant an immediate investigation.

A remote file copy tool execution was detected within the container, indicating potential data exfiltration, lateral movement, or the deployment of malicious payloads.

Attackers often use these tools to transfer sensitive data outside of the container, move laterally within the network to compromise other systems, or introduce malware for further malicious activities. Detecting the use of remote file copy tools is crucial for preventing data breaches, unauthorized access, and further compromise of the container and potentially the host system.

A command was executed with arguments known to be potentially destructive, such as attempts to delete critical system files or modify password-related configurations.

Attackers might issue malicious command lines to cause system instability, prevent recovery by deleting essential files, or gain unauthorized access by manipulating user credentials. Detecting these specific command patterns is critical to preventing significant system impact.

A process was detected performing bulk data deletion operations, which might indicate an attempt to erase evidence, disrupt services, or execute a data-wiping attack within the container environment.

Attackers might remove large volumes of data to cover their tracks, sabotage operations, or prepare for ransomware deployment. Detecting such activity helps in identifying potential threats before critical data loss occurs.

A process was detected communicating over the Stratum protocol, which is commonly used by cryptocurrency mining software. This activity suggests potential unauthorized mining operations within the container environment.

Attackers often deploy cryptocurrency miners to exploit system resources for financial gain, leading to degraded performance, increased operational costs, and potential security risks. Detecting such activity helps mitigate resource abuse and unauthorized access.

sudo has been executed with arguments that attempt to elevate privileges.

This detection notifies an attempt to exploit CVE-2019-14287, which allows privilege escalation by abusing the sudo command. sudo versions prior to v1.8.28 had an exploit that allowed a non-root user to gain root privileges.

A non-root user has executed pkexec with environment variables that attempt to escalate privileges.

This rule detects an attempt to exploit a privilege escalation vulnerability (CVE-2021-4034) in Polkit's pkexec . By running specially crafted code, a non-root user can use this flaw to gain root privileges on a compromised system.

A non-root user has executed sudo or sudoedit with a pattern of arguments that attempt to escalate privileges.

Detects an attempt to exploit a vulnerability affecting sudo versions 1.9.5p2 and earlier. Executing sudo or sudoedit with certain arguments, including one that ends with a single backslash character, as an unprivileged user can elevate the user's privileges to that of a root user.