T1586.003

Cloud Accounts

Adversaries may compromise cloud accounts that can be used during targeting. Adversaries can use compromised cloud accounts to further their operations, including leveraging cloud storage services such as Dropbox, Microsoft OneDrive, or AWS S3 buckets for [Exfiltration to Cloud Storage](https://attack.mitre.org/techniques/T1567/002) or to [Upload Tool](https://attack.mitre.org/techniques/T1608/002)s. Cloud accounts can also be used in the acquisition of infrastructure, such as [Virtual Private S...

PRE
36 Detections
2 Sources
1 Threat Actor

BY SOURCE

35 splunk_escu, 1 sigma

PROCEDURES (16)

Unusual: 4 detections (auto-extracted)
Persist: 4 detections (auto-extracted)
Credential: 4 detections (auto-extracted)
Lateral: 3 detections (auto-extracted)
Exfiltrat: 3 detections (auto-extracted)
Bypass: 3 detections (auto-extracted)
Spray: 2 detections (auto-extracted)
Azure: 2 detections (auto-extracted)
Encrypt: 2 detections (auto-extracted)
Api: 2 detections (auto-extracted)
Service: 2 detections (auto-extracted)
Suspicious: 1 detection (auto-extracted)
Authentication Monitoring: 1 detection (auto-extracted)
Suspicious: 1 detection (auto-extracted)
Azure: 1 detection (auto-extracted)
Privilege: 1 detection (auto-extracted)

THREAT ACTORS (1)

DETECTIONS (36)

ASL AWS Credential Access GetPasswordData (splunk_escu)
ASL AWS Credential Access RDS Password reset (splunk_escu)
ASL AWS Multi-Factor Authentication Disabled (splunk_escu)
AWS Console Login Failed During MFA Challenge (splunk_escu)
AWS Credential Access Failed Login (splunk_escu)
AWS Credential Access GetPasswordData (splunk_escu)
AWS Credential Access RDS Password reset (splunk_escu)
AWS Multi-Factor Authentication Disabled (splunk_escu)
AWS Multiple Failed MFA Requests For User (splunk_escu)
AWS Successful Single-Factor Authentication (splunk_escu)
AWS Unusual Number of Failed Authentications From Ip (splunk_escu)
Azure Active Directory High Risk Sign-in (splunk_escu)
Azure AD Authentication Failed During MFA Challenge (splunk_escu)
Azure AD Multi-Factor Authentication Disabled (splunk_escu)
Azure AD Multi-Source Failed Authentications Spike (splunk_escu)
Azure AD Multiple Failed MFA Requests For User (splunk_escu)
Azure AD Multiple Users Failing To Authenticate From Ip (splunk_escu)
Azure AD Successful PowerShell Authentication (splunk_escu)
Azure AD Successful Single-Factor Authentication (splunk_escu)
Azure AD Unusual Number of Failed Authentications From Ip (splunk_escu)
Detect AWS Console Login by New User (splunk_escu)
Detect AWS Console Login by User from New City (splunk_escu)
Detect AWS Console Login by User from New Country (splunk_escu)
Detect AWS Console Login by User from New Region (splunk_escu)
GCP Authentication Failed During MFA Challenge (splunk_escu)
GCP Multi-Factor Authentication Disabled (splunk_escu)
GCP Multiple Failed MFA Requests For User (splunk_escu)
GCP Multiple Users Failing To Authenticate From Ip (splunk_escu)
GCP Successful Single-Factor Authentication (splunk_escu)
GCP Unusual Number of Failed Authentications From Ip (splunk_escu)
O365 Multi-Source Failed Authentications Spike (splunk_escu)
O365 Multiple Users Failing To Authenticate From Ip (splunk_escu)
Okta Authentication Failed During MFA Challenge (splunk_escu)
Okta Successful Single Factor Authentication (splunk_escu)
Okta Suspicious Activity Reported by End-user (sigma, high)
Okta User Logins from Multiple Cities (splunk_escu)