PutImage
AWS
PutImage
Event
Pushes a container image to ECR, potentially introducing backdoored images into the deployment pipeline.
Security Context
- Pushing a malicious container image to ECR can compromise all downstream workloads that pull from the repository, providing persistent code execution across the deployment pipeline.
- Adversaries implant backdoored images that appear legitimate but contain reverse shells, credential harvesters, or cryptominers that activate at runtime.
Log Source
CloudTrail
Sample Event
Adversarial — persistence. Draco — having obtained an ECR auth token earlier (see aws-getauthorizationtoken) — pushes a backdoored variant of the OCCAMY pipeline base image to the production registry under the tag :latest. Existing CI/CD jobs that pull :latest will run the backdoored container at next deploy. The image manifest (visible in requestParameters.imageManifest) will look superficially identical to legitimate pushes; only layer-level analysis exposes the additional malicious layer. T1525.
{ "eventVersion": "1.09", "userIdentity": { "type": "IAMUser", "principalId": "AIDADRAC0MALF0YBADGY", "arn": "arn:aws:iam::555123456789:user/draco", "accountId": "555123456789", "accessKeyId": "AKIADRAC0MALF0YEXAMP5", "userName": "draco", "sessionContext": { "attributes": { "creationDate": "2026-04-15T21:42:08Z", "mfaAuthenticated": "false" } } }, "eventTime": "2026-04-16T00:02:48Z", "eventSource": "ecr.amazonaws.com", "eventName": "PutImage", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.66", "userAgent": "aws-cli/1.18.147 Python/3.7.10 Linux/5.4.0-1045-aws botocore/1.18.6", "requestParameters": { "repositoryName": "occamy-pipeline-base", "imageTag": "latest", "registryId": "555123456789", "imageManifest": "{\n \"schemaVersion\": 2,\n \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n \"config\": {\n \"mediaType\": \"application/vnd.docker.container.image.v1+json\",\n \"size\": 5921,\n \"digest\": \"sha256:c0ffeec0ffeec0ffeec0ffeec0ffeec0ffeec0ffeec0ffeec0ffeec0ffee0666\"\n },\n \"layers\": [\n {\n \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n \"size\": 43252507,\n \"digest\": \"sha256:3b37166ec61459e76e33282dda08f2a9cd698ca7e3d6bc44e6a6e7580cdeff8e\"\n },\n {\n \"mediaType\": \"application/vnd.docker.image.rootfs.diff.tar.gzip\",\n \"size\": 2147483,\n \"digest\": \"sha256:badbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbad0666\"\n }\n ]\n}" }, "responseElements": { "image": { "repositoryName": "occamy-pipeline-base", "registryId": "555123456789", "imageId": { "imageDigest": "sha256:dadadadadadadadadadadadadadadadadadadadadadadadadadadadadada0666", "imageTag": "latest" }, "imageManifest": "{...}" } }, "requestID": "90000000-0000-4000-8000-000101101110", "eventID": "90000000-0000-4000-8000-000101101111", "readOnly": false, "resources": [ { "ARN": "arn:aws:ecr:us-east-1:555123456789:repository/occamy-pipeline-base", "accountId": "555123456789" } ], "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "555123456789", "eventCategory": "Management", "tlsDetails": { "tlsVersion": "TLSv1.3", "cipherSuite": "TLS_AES_128_GCM_SHA256", "clientProvidedHostHeader": "api.ecr.us-east-1.amazonaws.com" }}MITRE ATT&CK Mapping
Tactics: Persistence
Techniques:
- T1525 — Implant Internal Image — Adversaries may implant cloud or container images with malicious code to establish persistence after gaining access to an environment. Amazon Web Services (AWS) Amazon Machine Images (AMIs), Google Cloud Platform (GCP) Images, and Azure Images as well as popular container runtimes such as Docker...