← Back to Explore
T1535
Unused/Unsupported Cloud Regions
Adversaries may create cloud instances in unused geographic service regions in order to evade detection. Access is usually obtained through compromising accounts used to manage cloud infrastructure. Cloud service providers often provide infrastructure throughout the world in order to improve performance, provide redundancy, and allow customers to meet compliance requirements. Oftentimes, a customer will only use a subset of the available regions and may not actively monitor other regions. If an...
IaaS
5
Detections
1
Sources
0
Threat Actors
BY SOURCE
5splunk_escu
PROCEDURES (3)
Credential3 detections
Auto-extracted: 3 detections for credential
Exfiltrat1 detections
Auto-extracted: 1 detections for exfiltrat
Exfiltrat1 detections
Auto-extracted: 1 detections for exfiltrat
DETECTIONS (5)
AWS Successful Console Authentication From Multiple IPs
splunk_escu
Cloud Compute Instance Created In Previously Unused Region
splunk_escu
Detect AWS Console Login by User from New City
splunk_escu
Detect AWS Console Login by User from New Country
splunk_escu
Detect AWS Console Login by User from New Region
splunk_escu