Skip to content

List of all Attack Techniques

This page contains the list of all Stratus Attack Techniques.

Name Platform MITRE ATT&CK Tactics
Retrieve EC2 Password Data AWS Credential Access
Steal EC2 Instance Credentials AWS Credential Access
Retrieve a High Number of Secrets Manager secrets (Batch) AWS Credential Access
Retrieve a High Number of Secrets Manager secrets AWS Credential Access
Retrieve And Decrypt SSM Parameters AWS Credential Access
Delete CloudTrail Trail AWS Defense Evasion
Disable CloudTrail Logging Through Event Selectors AWS Defense Evasion
CloudTrail Logs Impairment Through S3 Lifecycle Rule AWS Defense Evasion
Stop CloudTrail Trail AWS Defense Evasion
Delete DNS query logs AWS Defense Evasion
Attempt to Leave the AWS Organization AWS Defense Evasion
Remove VPC Flow Logs AWS Defense Evasion
Execute Discovery Commands on an EC2 Instance AWS Discovery
Download EC2 Instance User Data AWS Discovery
Enumerate SES AWS Discovery
Launch Unusual EC2 instances AWS Execution
Execute Commands on EC2 Instance via User Data AWS Execution, Privilege Escalation
Usage of ssm:SendCommand on multiple instances AWS Execution
Usage of ssm:StartSession on multiple instances AWS Execution
Open Ingress Port 22 on a Security Group AWS Exfiltration
Exfiltrate an AMI by Sharing It AWS Exfiltration
Exfiltrate EBS Snapshot by Sharing It AWS Exfiltration
Exfiltrate RDS Snapshot by Sharing AWS Exfiltration
Backdoor an S3 Bucket via its Bucket Policy AWS Exfiltration
Invoke Bedrock Model AWS Impact
S3 Ransomware through batch file deletion AWS Impact
S3 Ransomware through client-side encryption AWS Impact
S3 Ransomware through individual file deletion AWS Impact
Console Login without MFA AWS Initial Access
Usage of EC2 Serial Console to push SSH public key AWS Lateral Movement
Usage of EC2 Instance Connect on multiple instances AWS Lateral Movement
Backdoor an IAM Role AWS Persistence
Create an Access Key on an IAM User AWS Persistence, Privilege Escalation
Create an administrative IAM User AWS Persistence, Privilege Escalation
Create a backdoored IAM Role AWS Persistence
Create a Login Profile on an IAM User AWS Persistence, Privilege Escalation
Backdoor Lambda Function Through Resource-Based Policy AWS Persistence
Add a Malicious Lambda Extension AWS Persistence, Privilege Escalation
Overwrite Lambda Function Code AWS Persistence
Create an IAM Roles Anywhere trust anchor AWS Persistence, Privilege Escalation
Generate temporary AWS credentials using GetFederationToken AWS Persistence
Change IAM user password AWS Privilege Escalation
Execute Command on Virtual Machine using Custom Script Extension Azure Execution
Execute Commands on Virtual Machine using Run Command Azure Execution
Export Disk Through SAS URL Azure Exfiltration
Create Azure VM Bastion shareable link Azure Persistence
Create Admin EKS Access Entry EKS Lateral Movement
Backdoor aws-auth EKS ConfigMap EKS Persistence, Privilege Escalation
Backdoor Entra ID application through service principal Entra ID Persistence, Privilege Escalation
Backdoor Entra ID application Entra ID Persistence, Privilege Escalation
Create Guest User Entra ID Persistence
Create Hidden Scoped Role Assignment Through HiddenMembership AU Entra ID Persistence
Create Application Entra ID Persistence, Privilege Escalation
Create Sticky Backdoor User Through Restricted Management AU Entra ID Persistence
Exfiltrate Compute Disk by sharing it GCP Exfiltration
Exfiltrate Compute Image by sharing it GCP Exfiltration
Exfiltrate Compute Disk by sharing a snapshot GCP Exfiltration
Backdoor a GCP Service Account through its IAM Policy GCP Persistence
Create an Admin GCP Service Account GCP Persistence, Privilege Escalation
Create a GCP Service Account Key GCP Persistence, Privilege Escalation
Invite an External User to a GCP Project GCP Persistence
Dump All Secrets Kubernetes Credential Access
Steal Pod Service Account Token Kubernetes Credential Access
Create Admin ClusterRole Kubernetes Persistence, Privilege Escalation
Create Client Certificate Credential Kubernetes Persistence
Create Long-Lived Token Kubernetes Persistence
Container breakout via hostPath volume mount Kubernetes Privilege Escalation
Privilege escalation through node/proxy permissions Kubernetes Privilege Escalation
Run a Privileged Pod Kubernetes Privilege Escalation
Impersonate GCP Service Accounts GCP Privilege Escalation