Find sigma rule
Attack: Cloud Storage Object Discovery
Adversaries may enumerate objects in cloud storage infrastructure. Adversaries may use this information during automated discovery to shape follow-on behaviors, including requesting all or specific objects from cloud storage. Similar to File and Directory Discovery on a local host, after identifying available storage services (i.e. Cloud Infrastructure Discovery) adversaries may access the contents/objects stored in cloud infrastructure.
Cloud service providers offer APIs allowing users to enumerate objects stored within cloud storage. Examples include ListObjectsV2 in AWS (Citation: ListObjectsV2) and List Blobs in Azure(Citation: List Blobs) .
MITRE
Tactic
- discovery
technique
- T1619
Test : AWS S3 Enumeration
OS
- iaas:aws
Description:
This test will enumerate all the S3 buckets in the user account and lists all the files in each bucket.
Executor
sh