User Execution: Malicious File (AWS)


Adversaries may enumerate objects in cloud storage infrastructure. Adversaries may use this information during automated discovery to shape follow-on behaviors, including requesting all or specific objects from cloud storage. Similar to File and Directory Discovery on a local host, after identifying available storage services (i.e. Cloud Infrastructure Discovery) adversaries may access the contents/objects stored in cloud infrastructure.

Products, Sensors, and Dependencies

ProductDependenciesData sourceAccess requiredProtocolData CollectedNotes
Tenable Cloud SecurityCloudRead-onlyHTTPSList of AWS EC2

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Execution

Technique: User Execution

Sub-Technique: Malicious File

Platform: AWS

Products Required: Tenable Cloud Security

Tenable Release Date: 2022 Q4