T1651
Cloud Administration Command
Adversaries may abuse cloud management services to execute commands within virtual machines. Resources such as AWS Systems Manager, Azure RunCommand, and Runbooks allow users to remotely run scripts in virtual machines by leveraging installed virtual machine agents. (Citation: AWS Systems Manager Run Command)(Citation: Microsoft Run Command) If an adversary gains administrative access to a cloud environment, they may be able to abuse cloud management services to execute commands in the environm...
IaaS
Detections: 7
Sources: 1
Threat Actors: 1
BY SOURCE
elastic: 7
PROCEDURES (6)
Service: 2 detections
Auto-extracted: 2 detections for service
Cloud: 1 detection
Auto-extracted: 1 detection for cloud
Powershell: 1 detection
Auto-extracted: 1 detection for powershell
Exfiltrat: 1 detection
Auto-extracted: 1 detection for exfiltrat
Exfiltrat: 1 detection
Auto-extracted: 1 detection for exfiltrat
C2: 1 detection
Auto-extracted: 1 detection for c2
THREAT ACTORS (1)
DETECTIONS (7)
AWS EC2 LOLBin Execution via SSM SendCommand
elastic, medium
AWS SSM `SendCommand` Execution by Rare User
elastic, low
AWS SSM `SendCommand` with Run Shell Command Parameters
elastic, medium
AWS SSM Command Document Created by Rare User
elastic, low
Azure Compute VM Command Executed
elastic, medium
First Time AWS CloudFormation Stack Creation
elastic, medium
GCP Pub/Sub Topic Creation
elastic, low