English
Deutsch
Español
Español – América Latina
Français
Indonesia
Italiano
Português
Português – Brasil
中文 – 简体
中文 – 繁體
日本語
한국어

Console

Contact Us Start free

Cloud Run threat findings

Security Command Center performs runtime and control plane monitoring of Cloud Run resources. For recommended responses to these threats, see Respond to Cloud Run threat findings.

Runtime finding types

The following runtime detections are available with Cloud Run Threat Detection:

Command and Control: Steganography Tool Detected

Command and Control: Find Google Cloud Credentials

Credential Access: GPG Key Reconnaissance

Credential Access: Search Private Keys or Passwords

Defense Evasion: Base64 ELF File Command Line

Defense Evasion: Base64 Encoded Python Script Executed

Defense Evasion: Base64 Encoded Shell Script Executed

Defense Evasion: Launch Code Compiler Tool In Container

Execution: Added Malicious Binary Executed

Execution: Added Malicious Library Loaded

Execution: Built in Malicious Binary Executed

Execution: Container Escape

Execution: Fileless Execution in /memfd:

Execution: Kubernetes Attack Tool Execution

Execution: Local Reconnaissance Tool Execution

Execution: Malicious Python executed

Execution: Modified Malicious Binary Executed

Execution: Modified Malicious Library Loaded

Execution: Netcat Remote Code Execution in Container

Execution: Possible Arbitrary Command Execution through CUPS (CVE-2024-47177)

Execution: Possible Remote Command Execution Detected

Execution: Program Run with Disallowed HTTP Proxy Env

Execution: Socat Reverse Shell Detected

Execution: Suspicious OpenSSL Shared Object Loaded

Exfiltration: Launch Remote File Copy Tools in Container

Impact: Detect Malicious Cmdlines

Impact: Remove Bulk Data From Disk

Impact: Suspicious crypto mining activity using the Stratum Protocol

Malicious Script Executed

Malicious URL Observed

Privilege Escalation: Abuse of Sudo For Privilege Escalation (CVE-2019-14287)

Privilege Escalation: Fileless Execution in /dev/shm

Privilege Escalation: Polkit Local Privilege Escalation Vulnerability (CVE-2021-4034)

Privilege Escalation: Sudo Potential Privilege Escalation (CVE-2021-3156)

Reverse Shell

Unexpected Child Shell

Control plane finding types

The following control plane detections are available with Event Threat Detection:

Execution: Cryptomining Docker Image

Impact: Cryptomining Commands

Privilege Escalation: Default Compute Engine Service Account SetIAMPolicy

What's next

Learn about Cloud Run Threat Detection.
Learn about Event Threat Detection.
Learn how to respond to Cloud Run threat findings.
Refer to the Threat findings index.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-11-17 UTC.