EXPLORE
← Back to Explore
T1651

Cloud Administration Command

Adversaries may abuse cloud management services to execute commands within virtual machines. Resources such as AWS Systems Manager, Azure RunCommand, and Runbooks allow users to remotely run scripts in virtual machines by leveraging installed virtual machine agents. (Citation: AWS Systems Manager Run Command)(Citation: Microsoft Run Command) If an adversary gains administrative access to a cloud environment, they may be able to abuse cloud management services to execute commands in the environm...

IaaS
13
Detections
1
Sources
2
Threat Actors

BY SOURCE

13elastic

PROCEDURES (12)

Service2 detections

Auto-extracted: 2 detections for service

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Lateral1 detections

Auto-extracted: 1 detections for lateral

Credential1 detections

Auto-extracted: 1 detections for credential

Azure1 detections

Auto-extracted: 1 detections for azure

Remote1 detections

Auto-extracted: 1 detections for remote

Privilege1 detections

Auto-extracted: 1 detections for privilege

Credential1 detections

Auto-extracted: 1 detections for credential

Persist1 detections

Auto-extracted: 1 detections for persist

Api1 detections

Auto-extracted: 1 detections for api

Lateral1 detections

Auto-extracted: 1 detections for lateral

Powershell1 detections

Auto-extracted: 1 detections for powershell

THREAT ACTORS (2)

DETECTIONS (13)