T1619Techniquediscoveryagent-callable

T1619Cloud Storage Object Discovery

Platforms: IaaS

ATT&CK version: 14.1

What it is

Adversaries may enumerate objects in cloud storage infrastructure. Adversaries may use this information during automated discovery to shape follow-on behaviors, including requesting all or specific objects from cloud storage. Similar to [File and Directory Discovery](https://attack.mitre.org/techniques/T1083) on a local host, after identifying available storage services (i.e. [Cloud Infrastructure Discovery](https://attack.mitre.org/techniques/T1580)) adversaries may access the contents/objects stored in cloud infrastructure. Cloud service providers offer APIs allowing users to enumerate objects stored within cloud storage. Examples include ListObjectsV2 in AWS (Citation: ListObjectsV2) and List Blobs in Azure(Citation: List Blobs) .

ATT&CK tactics· 1

Discovery

References

  1. https://attack.mitre.org/techniques/T1619
  2. https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html
  3. https://docs.microsoft.com/en-us/rest/api/storageservices/list-blobs
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.