EXPLORE
← Back to Explore
T1578

Modify Cloud Compute Infrastructure

An adversary may attempt to modify a cloud account's compute service infrastructure to evade defenses. A modification to the compute service infrastructure can include the creation, deletion, or modification of one or more components such as compute instances, virtual machines, and snapshots. Permissions gained from the modification of infrastructure components may bypass restrictions that prevent access to existing infrastructure. Modifying infrastructure components may also allow an adversary...

IaaS
23
Detections
3
Sources
0
Threat Actors

BY SOURCE

21elastic1kql1sigma

PROCEDURES (19)

Cloud3 detections

Auto-extracted: 3 detections for cloud

Persist2 detections

Auto-extracted: 2 detections for persist

Aws2 detections

Auto-extracted: 2 detections for aws

Credential1 detections

Auto-extracted: 1 detections for credential

Encrypt1 detections

Auto-extracted: 1 detections for encrypt

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

C21 detections

Auto-extracted: 1 detections for c2

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Bypass1 detections

Auto-extracted: 1 detections for bypass

Api1 detections

Auto-extracted: 1 detections for api

Service1 detections

Auto-extracted: 1 detections for service

Api1 detections

Auto-extracted: 1 detections for api

Bypass1 detections

Auto-extracted: 1 detections for bypass

Bypass1 detections

Auto-extracted: 1 detections for bypass

Azure1 detections

Auto-extracted: 1 detections for azure

C21 detections

Auto-extracted: 1 detections for c2

Encrypt1 detections

Auto-extracted: 1 detections for encrypt

Cloud1 detections

Auto-extracted: 1 detections for cloud

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

DETECTIONS (23)