MITRE ATT&CK detection coverage

← Back to main site

Home/ MITRE Matrix/ Execution/ T1204.003

T1204.003Malicious Image

T1204.003 — Malicious Image is a MITRE ATT&CK technique in the Execution tactic. Clankerusecase tracks 14 detection use cases covering it and 2 threat-intel articles citing it.

Execution

View on the matrix → Filter Detection Library MITRE official spec ↗

14Use cases

2Articles

0Sub-techniques

1Tactic

↑ Parent technique: T1204 · User Execution

Use cases covering this technique (14)

ASL AWS ECR Container Upload Outside Business Hours ESCU actions · hunting P ASL AWS ECR Container Upload Unknown User ESCU actions · hunting P AWS ECR Container Scanning Findings High ESCU actions · alerting P AWS ECR Container Scanning Findings Low Informational Unknown ESCU actions · hunting P AWS ECR Container Scanning Findings Medium ESCU actions · hunting P AWS ECR Container Upload Outside Business Hours ESCU actions · hunting P AWS ECR Container Upload Unknown User ESCU actions · hunting P Risk Rule for Dev Sec Ops by Repository ESCU actions · alerting P Cisco Isovalent - Non Allowlisted Image Use ESCU actions · hunting P Cisco Isovalent - Pods Running Offensive Tools ESCU actions · hunting P Correlation by Repository and Risk ESCU actions · alerting P Correlation by User and Risk ESCU actions · alerting P [LLM] PHP CLI drops hidden /tmp dropper artefacts (Laravel-Lang autoload payload) Bespoke install · alerting DSΣPDDCS [LLM] DeepSeek-TUI sub-agent shell execution via AGENTS.md prompt injection (CVE-2026-45374) Bespoke exploit · alerting DSΣPDD

Articles citing this technique (2)

high Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets art-145

crit [GHSA / CRITICAL] CVE-2026-45374: DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files art-292