User Execution: Malicious File (AWS)

Description

Adversaries may enumerate objects in cloud storage infrastructure. Adversaries may use this information during automated discovery to shape follow-on behaviors, including requesting all or specific objects from cloud storage. Similar to File and Directory Discovery on a local host, after identifying available storage services (i.e. Cloud Infrastructure Discovery) adversaries may access the contents/objects stored in cloud infrastructure.

Products, Sensors, and Dependencies

Product	Dependencies	Data source	Access required	Protocol	Data Collected	Notes
Tenable Cloud Security		Cloud	Read-only	HTTPS	List of AWS EC2

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Execution

Technique: User Execution

Sub-Technique: Malicious File

Platform: AWS

Products Required: Tenable Cloud Security

Tenable Release Date: 2022 Q4

Detections

Analytics

User Execution: Malicious File (AWS)

Description

Products, Sensors, and Dependencies

Attack Path Technique Details