awsattack_mitre_ttp_list.txt

    technique: aws__enum_account,
    tactic: [TA0001, TA0007],
    ttp_id: [T1078.004, T1087.004], 
--
    technique: aws__enum_spend
    tactic: [TA0001, TA0007],
    ttp_id: [T1078.004, T1082],
--
    technique: cloudtrail__download_event_history
    tactic: [TA0001, TA0007, TA0009], 
    ttp_id: [T1078.004, T1526, T1530],
--
    techinque: cloudwatch__download_logs
    tactic: [TA0001, TA0007, TA0009],
    ttp_id: [T1078.004, T1526 ,T1530],
--
    technique: codebuild__enum 
    tactic: [TA0001,TA0007, TA0009],
    ttp_id: [T1078.004, T1526, T1530],
--
    technique: detection__enum_services,
    tactic: [TA0001, TA00007],
    ttp_id: [T1078.004, T1526],
--
    technique: ebs__enum_volumes_snapshots,
    tactic: [TA0001, TA0007, TA0009],
    ttp_id: [T1078.004, T1526, T1530],
--
    technique: ec2__backdoor_ec2_sec_groups,
    tactic:  [TA0001, TA0007, TA0003],
    ttp_id: [T1078.004, T1526, T1098.b.004], (account manipulation, variant: modifyng rules)
--
    technique: ec2__check_termination_protection,
    tactic: [TA0001, TA0007, TA0005],
    ttp_id: [T1078.004, T1526, T1562.b.008], (b.008 variant: impairing a service)
--
    technique: enum__secrets,
    tactic: [TA0001, TA0007, TA0006],
    ttp_id: [T1078.004, T1526, T1552.b.007], (b.007 variant: credentials in a service)
--
    technique: iam__backdoor_users_password,
    tactic: [TA0001, TA0040],
    ttp_id: [T1078.004, T1531.b.001], (variant: Account Acces removal in Cloud env)
--
    technique: iam__bruteforce_permissions,
    tactic: [TA0001, TA0007] 
    ttp_id: [T1078.004, T1526, T1069.003],
--
    technique: iam__detect_honeytokens,
    tactic: [TA0001, TA0007, TA0005],
    ttp_id: [T1078.004, T1526, T1497.b.004], (variant: honeykeys evasion)
--
    technique: iam__enum_permissions,
    tactic: [TA0001, TA0007],
    ttp_id: [T1078.004, T1069.003],
--
    technique: iam__enum_users_roles_policies_groups,
    tactic: [TA0001, TA0007],
    ttp_id: [T1078.004, T1087, T1069],
--
    technique: iam__get_credential_report,
    tactic: [TA0001, TA0007, TA0009],
    ttp_id: [T1078.004, T1087.004, T1530],
--
    technique: iam__privesc_scan,
    tactic: [TA001, TA0007, TA0004, TA0010],
    ttp_id: [T1078.004, T1526, T1087.004, T1082, T1537],
--
    technique: inspector__get_reports,
    tactic: [TA0001, TA0007, TA0009],
    ttp_id: [T1078.004, T1526, T1530],
--
    technique: lambda__backdoor_new_roles,
    tactic: [TA0001, TA0003],
    ttp_id: [T1078.004, T1098.b.005], (Variant: Services Manipulation)
--
    technique: lambda__backdoor_new_sec_groups,
    tactic: [TA0001, TA003],
    ttp_id: [T1078.004, T1098.b.005], (Variant: Services Manipulation)
--
    technique: lambda__backdoor_new_users,
    tactic: [TA0001, TA0003],
    ttp_id: [T1078.004, T1078.004],
--
    technique: lambda__enum,
    tactic: [TA0001, TA0007],
    ttp_id: [T1078.004, T1526],
--
    technique: lightsail__download_ssh_keys,
    tactic: [TA0001, TA0007, TA0009],
    ttp_id: [T1078.004, T1526, T1530],
--
    technique: lightsail__enum, 
    tactic: [TA0001, TA0007], 
    ttp_id: [T1078.004, T1526], 
--
    technique: lightsail__generate_ssh_keys,
    tactic: [TA0001, TA0007, TA0009],
    ttp_id: [T1078.004, T1526, T1530, T1098.b.005] (Variant: Services Manipulation)
--
    technique: lightsail__generate_temp_access,
    tactic: [TA0001, TA0007, TA0009],
    ttp_id: [T1078.004, T1526, T1530],
--
    technique: rds__explore_snapshots,
    tactic: [TA0001, TA0007, TA0009],
    ttp_id: [T1078.004, T1526, T1530],
--
    technique: s3__download_bucket, 
    tactic: [TA0001, TA0007, TA0009],
    ttp_id: [T1078.004, T1526, T1530],