EXPLORE
Sign In
← Back to Explore
T1059.009

Cloud API

Adversaries may abuse cloud APIs to execute malicious commands. APIs available in cloud environments provide various functionalities and are a feature-rich method for programmatic access to nearly all aspects of a tenant. These APIs may be utilized through various methods such as command line interpreters (CLIs), in-browser Cloud Shells, [PowerShell](https://attack.mitre.org/techniques/T1059/001) modules like Azure for PowerShell(Citation: Microsoft - Azure PowerShell), or software developer kit...

IaaSIdentity ProviderOffice SuiteSaaS
5
Detections
3
Sources
3
Threat Actors

BY SOURCE

3sigma1elastic1splunk_escu

PROCEDURES (4)

Cloud Monitoring2 detections

Auto-extracted: 2 detections for cloud monitoring

Service Monitoring1 detections

Auto-extracted: 1 detections for service monitoring

File Monitoring1 detections

Auto-extracted: 1 detections for file monitoring

Module Load Monitoring1 detections

Auto-extracted: 1 detections for module load monitoring

THREAT ACTORS (3)

APT29Storm-0501TeamTNT

DETECTIONS (5)

AWS CloudShell Environment Created
elasticlow
AWS IAM S3Browser LoginProfile Creation
sigmahigh
AWS IAM S3Browser Templated S3 Bucket Policy Creation
sigmahigh
AWS IAM S3Browser User or AccessKey Creation
sigmahigh
Windows SQL Server Extended Procedure DLL Loading Hunt
splunk_escu