216.73.216.133

T1613: T1613

View on MITRE ATT&CK The MITRE Corporation · Published 31/03/2021 16:26 · Modified 27/03/2026 01:07

Essential information

MITRE technique ID
T1613
Confidence
100/100
Revoked
No
Published
31/03/2021 16:26
Modified
27/03/2026 01:07
Author / Source
The MITRE Corporation

Aliases

Container and Resource Discovery

Platforms

Containers

Description

Adversaries may attempt to discover containers and other resources that are available within a containers environment. Other resources may include images, deployments, pods, nodes, and other information such as the status of a cluster. These resources can be viewed within web applications such as the Kubernetes dashboard or can be queried via the Docker and Kubernetes APIs.(Citation: Docker API)(Citation: Kubernetes API) In Docker, logs may leak information about the environment, such as the environment’s configuration, which services are available, and what cloud provider the victim may be utilizing. The discovery of these resources may inform an adversary’s next steps in the environment, such as how to perform lateral movement and which methods to utilize for execution.

Kill chain phases

Kill chainPhase
mitre-attack discovery

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references