Common Information
Type | Value |
---|---|
Value | Create Snapshot - T1578.001 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | An adversary may create a snapshot or data backup within a cloud account to evade defenses. A snapshot is a point-in-time copy of an existing cloud compute component such as a virtual machine (VM), virtual hard drive, or volume. An adversary may leverage permissions to create a snapshot in order to bypass restrictions that prevent access to existing compute service infrastructure, unlike in [Revert Cloud Instance](https://attack.mitre.org/techniques/T1578/004) where an adversary may revert to a snapshot to evade detection and remove evidence of their presence. An adversary may [Create Cloud Instance](https://attack.mitre.org/techniques/T1578/002), mount one or more created snapshots to that instance, and then apply a policy that allows the adversary access to the created instance, such as a firewall policy that allows them inbound and outbound SSH access.(Citation: Mandiant M-Trends 2020) |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-11-10 | 5 | APC (asynchronous procedure call) | ||
Details | Website | 2024-05-21 | 9 | Unmasking Adversary Cloud Defense Evasion Strategies: Modify Cloud Compute Infrastructure Part 2 | ||
Details | Website | 2024-05-06 | 2 | Unmasking Adversary Cloud Defense Evasion Strategies: Modify Cloud Compute Infrastructure Part 1 | ||
Details | Website | 2023-08-10 | 15 | Preload Elasticsearch with your dataset | ||
Details | Website | 2023-06-06 | 31 | Volt Typhoon: Targeted Attacks on U.S. Critical Infrastructure | ||
Details | Website | 2023-04-10 | 0 | Benchmark-driven optimizations — How we pushed scalability to the next level in Elasticsearch 8 | ||
Details | Website | 2023-01-07 | 0 | How to Investigate Security Incidents in Azure — Forensic Acquisition of VMs in Azure | ||
Details | Website | 2022-09-26 | 24 | dockerd | ||
Details | Website | 2021-04-27 | 19 | ADExplorer on Engagements - TrustedSec | ||
Details | Website | 2017-11-23 | 13 | Kubernetes 1.8: Hidden Gems - Volume Snapshotting | Jetstack Blog | ||
Details | Website | 2016-10-24 | 4 | How We Architected and Run Kubernetes on OpenStack at Scale at Yahoo! JAPAN | ||
Details | Website | 2012-03-20 | 1 | Backing up and restoring snapshots on Amazon EC2 machines |