Skip to main content

Security ContentThreat Detection, Investigation, and Response for Public Cloud Guide

Amazon Web Services – MITRE ATT&CK Coverage by Use Case

Use Case

TTP Number

TTP Name

Abnormal Authentication & Access

TA0001

T1087.004

T1110

T1535

Initial Access

Account Discovery: Cloud Account

Brute Force

Unused/Unsupported Cloud Regions

Privilege Escalation

TA0004

TA0007

Privilege Escalation

Discovery

Cloud Data Protection

TA0001

TA0004

TA0009

T1074

T1113

T1530

T1580

Initial Access

Privilege Escalation

Collection

Data Staged

Screen Capture

Data from Cloud Storage Object

Cloud Infrastructure Discovery

Malware

TA0002

T1037

T1204.002

T1204.003

Execution

Boot or Logon Initialization Scripts

User Execution: Malicious File

User Execution: Malicious Image

Account Manipulation

TA0003

TA0004

TA0007

T1087.004

Persistence

Privilege Escalation

Discovery

Account Discovery: Cloud Account

Cryptomining

T1074

T1496

Data Staged

Resource Hijacking