You're currently viewing ATT&CK Version 16.1 Enterprise and AWS 12.12.2024.
AWS Config
AWS Config rules evaluate the configuration settings of AWS resources in order to detect resources that are out of compliance with internal policies and best practices.
Mappings
ATT&CK Version: 16.1
ATT&CK Domain: Enterprise
AWS: 12.12.2024
| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|---|
| aws_config | AWS Config | protect | minimal | T1020 | Automated Exfiltration |
| aws_config | AWS Config | protect | partial | T1020.001 | Traffic Duplication |
| aws_config | AWS Config | protect | partial | T1040 | Network Sniffing |
| aws_config | AWS Config | protect | minimal | T1053 | Scheduled Task/Job |
| aws_config | AWS Config | protect | partial | T1053.007 | Container Orchestration Job |
| aws_config | AWS Config | protect | partial | T1068 | Exploitation for Privilege Escalation |
| aws_config | AWS Config | protect | minimal | T1078 | Valid Accounts |
| aws_config | AWS Config | protect | significant | T1078.004 | Cloud Accounts |
| aws_config | AWS Config | protect | minimal | T1098 | Account Manipulation |
| aws_config | AWS Config | protect | partial | T1098.001 | Additional Cloud Credentials |
| aws_config | AWS Config | protect | partial | T1098.005 | Device Registration |
| aws_config | AWS Config | protect | significant | T1110 | Brute Force |
| aws_config | AWS Config | protect | significant | T1110.001 | Password Guessing |
| aws_config | AWS Config | protect | significant | T1110.002 | Password Cracking |
| aws_config | AWS Config | protect | significant | T1110.003 | Password Spraying |
| aws_config | AWS Config | protect | significant | T1110.004 | Credential Stuffing |
| aws_config | AWS Config | protect | minimal | T1119 | Automated Collection |
| aws_config | AWS Config | protect | minimal | T1136 | Create Account |
| aws_config | AWS Config | protect | partial | T1136.003 | Cloud Account |
| aws_config | AWS Config | protect | partial | T1190 | Exploit Public-Facing Application |
| aws_config | AWS Config | protect | partial | T1203 | Exploitation for Client Execution |
| aws_config | AWS Config | detect | minimal | T1204 | User Execution |
| aws_config | AWS Config | detect | significant | T1204.003 | Malicious Image |
| aws_config | AWS Config | protect | partial | T1210 | Exploitation of Remote Services |
| aws_config | AWS Config | protect | partial | T1211 | Exploitation for Defense Evasion |
| aws_config | AWS Config | protect | partial | T1212 | Exploitation for Credential Access |
| aws_config | AWS Config | protect | partial | T1485 | Data Destruction |
| aws_config | AWS Config | protect | partial | T1486 | Data Encrypted for Impact |
| aws_config | AWS Config | protect | significant | T1491 | Defacement |
| aws_config | AWS Config | protect | significant | T1491.001 | Internal Defacement |
| aws_config | AWS Config | protect | significant | T1491.002 | External Defacement |
| aws_config | AWS Config | detect | partial | T1496 | Resource Hijacking |
| aws_config | AWS Config | protect | minimal | T1498 | Network Denial of Service |
| aws_config | AWS Config | protect | minimal | T1498.001 | Direct Network Flood |
| aws_config | AWS Config | protect | minimal | T1498.002 | Reflection Amplification |
| aws_config | AWS Config | protect | minimal | T1499 | Endpoint Denial of Service |
| aws_config | AWS Config | protect | minimal | T1499.001 | OS Exhaustion Flood |
| aws_config | AWS Config | protect | minimal | T1499.002 | Service Exhaustion Flood |
| aws_config | AWS Config | protect | minimal | T1499.003 | Application Exhaustion Flood |
| aws_config | AWS Config | protect | minimal | T1499.004 | Application or System Exploitation |
| aws_config | AWS Config | detect | minimal | T1525 | Implant Internal Image |
| aws_config | AWS Config | protect | significant | T1530 | Data from Cloud Storage Object |
| aws_config | AWS Config | protect | significant | T1538 | Cloud Service Dashboard |
| aws_config | AWS Config | protect | partial | T1552 | Unsecured Credentials |
| aws_config | AWS Config | protect | partial | T1552.001 | Credentials In Files |
| aws_config | AWS Config | protect | partial | T1552.005 | Cloud Instance Metadata API |
| aws_config | AWS Config | protect | partial | T1552.007 | Container API |
| aws_config | AWS Config | protect | minimal | T1557 | Man-in-the-Middle |
| aws_config | AWS Config | detect | minimal | T1562 | Impair Defenses |
| aws_config | AWS Config | detect | partial | T1562.001 | Disable or Modify Tools |
| aws_config | AWS Config | detect | significant | T1562.007 | Disable or Modify Cloud Firewall |
| aws_config | AWS Config | detect | significant | T1562.008 | Disable Cloud Logs |
| aws_config | AWS Config | detect | partial | T1578.005 | Modify Cloud Compute Configurations |
| aws_config | AWS Config | protect | partial | T1609 | Container Administration Command |
| aws_config | AWS Config | protect | partial | T1610 | Deploy Container |
| aws_config | AWS Config | protect | partial | T1611 | Escape to Host |
| aws_config | AWS Config | protect | partial | T1613 | Container and Resource Discovery |
| aws_config | AWS Config | protect | significant | T1651 | Cloud Administration Command |