T1619 Cloud Storage Object Discovery Mappings

Adversaries may enumerate objects in cloud storage infrastructure. Adversaries may use this information during automated discovery to shape follow-on behaviors, including requesting all or specific objects from cloud storage. Similar to File and Directory Discovery on a local host, after identifying available storage services (i.e. Cloud Infrastructure Discovery) adversaries may access the contents/objects stored in cloud infrastructure.

Cloud service providers offer APIs allowing users to enumerate objects stored within cloud storage. Examples include ListObjectsV2 in AWS (Citation: ListObjectsV2) and List Blobs in Azure(Citation: List Blobs) .

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-17 Remote Access Protects T1619 Cloud Storage Object Discovery
AC-02 Account Management Protects T1619 Cloud Storage Object Discovery
AC-03 Access Enforcement Protects T1619 Cloud Storage Object Discovery
AC-05 Separation of Duties Protects T1619 Cloud Storage Object Discovery
AC-06 Least Privilege Protects T1619 Cloud Storage Object Discovery
CM-05 Access Restrictions for Change Protects T1619 Cloud Storage Object Discovery
IA-02 Identification and Authentication (organizational Users) Protects T1619 Cloud Storage Object Discovery