Skip to content

Hide Navigation Hide TOC

AWS STS AssumeRole Misuse (905d389b-b853-46d0-9d3d-dea0d3a3cd49)

Identifies the suspicious use of AssumeRole. Attackers could move laterally and escalate privileges.

Cluster A Galaxy A Cluster B Galaxy B Level
AWS STS AssumeRole Misuse (905d389b-b853-46d0-9d3d-dea0d3a3cd49) Sigma-Rules Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 1
AWS STS AssumeRole Misuse (905d389b-b853-46d0-9d3d-dea0d3a3cd49) Sigma-Rules Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 1
AWS STS AssumeRole Misuse (905d389b-b853-46d0-9d3d-dea0d3a3cd49) Sigma-Rules Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern 1
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern 2