EXPLORE
Sign In
← Back to Explore
T1648

Serverless Execution

Adversaries may abuse serverless computing, integration, and automation services to execute arbitrary code in cloud environments. Many cloud providers offer a variety of serverless resources, including compute engines, application integration services, and web servers. Adversaries may abuse these resources in various ways as a means of executing arbitrary commands. For example, adversaries may use serverless functions to execute malicious code, such as crypto-mining malware (i.e. [Resource Hij...

SaaSIaaSOffice Suite
5
Detections
1
Sources
0
Threat Actors

BY SOURCE

5elastic

PROCEDURES (3)

Persist2 detections

Auto-extracted: 2 detections for persist

General Monitoring2 detections

Auto-extracted: 2 detections for general monitoring

Aws1 detections

Auto-extracted: 1 detections for aws

DETECTIONS (5)

AWS Lambda Layer Added to Existing Function
elasticlow
Azure Automation Runbook Created or Modified
elasticlow
First Time AWS CloudFormation Stack Creation
elasticmedium
GitHub App Deleted
elasticlow
High Number of Cloned GitHub Repos From PAT
elasticlow