EXPLORE
Sign In
← Back to Explore
T1485.001

Lifecycle-Triggered Deletion

Adversaries may modify the lifecycle policies of a cloud storage bucket to destroy all objects stored within. Cloud storage buckets often allow users to set lifecycle policies to automate the migration, archival, or deletion of objects after a set period of time.(Citation: AWS Storage Lifecycles)(Citation: GCP Storage Lifecycles)(Citation: Azure Storage Lifecycles) If a threat actor has sufficient permissions to modify these policies, they may be able to delete all objects at once. For exam...

IaaS
4
Detections
2
Sources
0
Threat Actors

BY SOURCE

2elastic2splunk_escu

PROCEDURES (3)

Suspicious2 detections

Auto-extracted: 2 detections for suspicious

Aws1 detections

Auto-extracted: 1 detections for aws

Cloud Monitoring1 detections

Auto-extracted: 1 detections for cloud monitoring

DETECTIONS (4)

ASL AWS Defense Evasion PutBucketLifecycle
splunk_escu
AWS Defense Evasion PutBucketLifecycle
splunk_escu
AWS KMS Customer Managed Key Disabled or Scheduled for Deletion
elasticmedium
AWS S3 Bucket Expiration Lifecycle Configuration Added
elasticlow