AWS IAM Backdoor Users Keys (0a5177f4-6ca9-44c2-aacf-d3f3d8b6e4d2)
Detects AWS API key creation for a user by another user. Backdoored users can be used to obtain persistence in the AWS environment. Also with this alert, you can detect a flow of AWS keys in your org.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) | Attack Pattern | AWS IAM Backdoor Users Keys (0a5177f4-6ca9-44c2-aacf-d3f3d8b6e4d2) | Sigma-Rules | 1 |