List of all Attack Techniques

This page contains the list of all Stratus Attack Techniques.

Name	Platform	MITRE ATT&CK Tactics
Retrieve EC2 Password Data	AWS	Credential Access
Steal EC2 Instance Credentials	AWS	Credential Access
Retrieve a High Number of Secrets Manager secrets (Batch)	AWS	Credential Access
Retrieve a High Number of Secrets Manager secrets	AWS	Credential Access
Retrieve And Decrypt SSM Parameters	AWS	Credential Access
Delete CloudTrail Trail	AWS	Defense Evasion
Disable CloudTrail Logging Through Event Selectors	AWS	Defense Evasion
CloudTrail Logs Impairment Through S3 Lifecycle Rule	AWS	Defense Evasion
Stop CloudTrail Trail	AWS	Defense Evasion
Delete DNS query logs	AWS	Defense Evasion
Attempt to Leave the AWS Organization	AWS	Defense Evasion
Remove VPC Flow Logs	AWS	Defense Evasion
Execute Discovery Commands on an EC2 Instance	AWS	Discovery
Download EC2 Instance User Data	AWS	Discovery
Enumerate SES	AWS	Discovery
Launch Unusual EC2 instances	AWS	Execution
Execute Commands on EC2 Instance via User Data	AWS	Execution, Privilege Escalation
Usage of ssm:SendCommand on multiple instances	AWS	Execution
Usage of ssm:StartSession on multiple instances	AWS	Execution
Open Ingress Port 22 on a Security Group	AWS	Exfiltration
Exfiltrate an AMI by Sharing It	AWS	Exfiltration
Exfiltrate EBS Snapshot by Sharing It	AWS	Exfiltration
Exfiltrate RDS Snapshot by Sharing	AWS	Exfiltration
Backdoor an S3 Bucket via its Bucket Policy	AWS	Exfiltration
Invoke Bedrock Model	AWS	Impact
S3 Ransomware through batch file deletion	AWS	Impact
S3 Ransomware through client-side encryption	AWS	Impact
S3 Ransomware through individual file deletion	AWS	Impact
Console Login without MFA	AWS	Initial Access
Usage of EC2 Serial Console to push SSH public key	AWS	Lateral Movement
Usage of EC2 Instance Connect on multiple instances	AWS	Lateral Movement
Backdoor an IAM Role	AWS	Persistence
Create an Access Key on an IAM User	AWS	Persistence, Privilege Escalation
Create an administrative IAM User	AWS	Persistence, Privilege Escalation
Create a backdoored IAM Role	AWS	Persistence
Create a Login Profile on an IAM User	AWS	Persistence, Privilege Escalation
Backdoor Lambda Function Through Resource-Based Policy	AWS	Persistence
Add a Malicious Lambda Extension	AWS	Persistence, Privilege Escalation
Overwrite Lambda Function Code	AWS	Persistence
Create an IAM Roles Anywhere trust anchor	AWS	Persistence, Privilege Escalation
Generate temporary AWS credentials using GetFederationToken	AWS	Persistence
Change IAM user password	AWS	Privilege Escalation
Execute Command on Virtual Machine using Custom Script Extension	Azure	Execution
Execute Commands on Virtual Machine using Run Command	Azure	Execution
Export Disk Through SAS URL	Azure	Exfiltration
Create Azure VM Bastion shareable link	Azure	Persistence
Create Admin EKS Access Entry	EKS	Lateral Movement
Backdoor aws-auth EKS ConfigMap	EKS	Persistence, Privilege Escalation
Backdoor Entra ID application through service principal	Entra ID	Persistence, Privilege Escalation
Backdoor Entra ID application	Entra ID	Persistence, Privilege Escalation
Create Guest User	Entra ID	Persistence
Create Hidden Scoped Role Assignment Through HiddenMembership AU	Entra ID	Persistence
Create Application	Entra ID	Persistence, Privilege Escalation
Create Sticky Backdoor User Through Restricted Management AU	Entra ID	Persistence
Retrieve a High Number of Secret Manager secrets	GCP	Credential Access
Exfiltrate Compute Disk by sharing it	GCP	Exfiltration
Exfiltrate Compute Image by sharing it	GCP	Exfiltration
Exfiltrate Compute Disk by sharing a snapshot	GCP	Exfiltration
Backdoor a GCP Service Account through its IAM Policy	GCP	Persistence
Create an Admin GCP Service Account	GCP	Persistence, Privilege Escalation
Create a GCP Service Account Key	GCP	Persistence, Privilege Escalation
Invite an External User to a GCP Project	GCP	Persistence
Dump All Secrets	Kubernetes	Credential Access
Steal Pod Service Account Token	Kubernetes	Credential Access
Create Admin ClusterRole	Kubernetes	Persistence, Privilege Escalation
Create Client Certificate Credential	Kubernetes	Persistence
Create Long-Lived Token	Kubernetes	Persistence
Container breakout via hostPath volume mount	Kubernetes	Privilege Escalation
Privilege escalation through node/proxy permissions	Kubernetes	Privilege Escalation
Run a Privileged Pod	Kubernetes	Privilege Escalation
Impersonate GCP Service Accounts	GCP	Privilege Escalation