Threat Actors Target AWS EC2 Workloads to Steal Credentials
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Cloud Services - T1021.007 Credentials - T1589.001 Credentials In Files - T1552.001 Exploits - T1587.004 Exploits - T1588.005 Hidden Files And Directories - T1564.001 Hide Artifacts - T1628 Hide Artifacts - T1564 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Unsecured Credentials - T1552 Web Services - T1583.006 Web Services - T1584.006 Tool - T1588.002 Vulnerabilities - T1588.006 Credentials In Files - T1081 Hidden Files And Directories - T1158
Show in Graph
Common Information
Type Value
UUID 1b2d59fb-eb57-4ae7-9387-8c69f04fad3a
Fingerprint 3d0e9cd19fb7838d
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 26, 2022, midnight
Added to db Oct. 15, 2024, 11:02 p.m.
Last updated Nov. 17, 2024, 5:46 p.m.
Headline Threat Actors Target AWS EC2 Workloads to Steal Credentials
Title Threat Actors Target AWS EC2 Workloads to Steal Credentials
Detected Hints/Tags/Attributes 58/2/11
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_nl/research/22/j/threat-actors-target-aws-ec2-workloads-to-steal-credentials.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
Attributes
Details Type #Events CTI Value
Details CVE 17 
cve-2021-40438
Details Domain 77 
amazonaws.com
Details Domain 30 
init.sh
Details Domain 3 
amazon2aws.com
Details Domain 295 
amazon.com
Details Domain 19 
teamtnt.red
Details Domain 2 
trojan.sh.dloadr.bj
Details File 2 
ipranges.txt
Details sha256 1 
ae01fb6c4ab1cf3c12b53ae927e9a4e0b0bc63fe73e4313be223c9f49bdd03fe
Details MITRE ATT&CK Techniques 89 
T1552.001
Details MITRE ATT&CK Techniques 94 
T1564.001