ioc[.]one - OSINT Cyber Threat Intelligence Database

Threat Actors Target AWS EC2 Workloads to Steal Credentials

Tags

maec-delivery-vectors:

Watering Hole

attack-pattern:

Cloud Services - T1021.007 Credentials - T1589.001 Credentials In Files - T1552.001 Exploits - T1587.004 Exploits - T1588.005 Hidden Files And Directories - T1564.001 Hide Artifacts - T1628 Hide Artifacts - T1564 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Unsecured Credentials - T1552 Web Services - T1583.006 Web Services - T1584.006 Tool - T1588.002 Vulnerabilities - T1588.006 Credentials In Files - T1081 Hidden Files And Directories - T1158

Show in Graph

Common Information

Type	Value
UUID	7ca6d16d-c6e6-4472-b416-1102374675ef
Fingerprint	3d0e9cd1bfb7838d
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 26, 2022, midnight
Added to db	Oct. 15, 2024, 9:57 p.m.
Last updated	Nov. 17, 2024, 5:46 p.m.
Headline	Threat Actors Target AWS EC2 Workloads to Steal Credentials
Title	Threat Actors Target AWS EC2 Workloads to Steal Credentials
Detected Hints/Tags/Attributes	58/2/10

Source URLs

	Redirection	Url
Details	Source	https://www.trendmicro.com/en_in/research/22/j/threat-actors-target-aws-ec2-workloads-to-steal-credentials.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	17		cve-2021-40438
Details	Domain	77		amazonaws.com
Details	Domain	30		init.sh
Details	Domain	3		amazon2aws.com
Details	Domain	295		amazon.com
Details	Domain	19		teamtnt.red
Details	Domain	2		trojan.sh.dloadr.bj
Details	File	2		ipranges.txt
Details	MITRE ATT&CK Techniques	89		T1552.001
Details	MITRE ATT&CK Techniques	94		T1564.001