
PUA - AWS TruffleHog Execution (a840e606-7c8c-4684-9bc1-eb6b6155127f)

Detects the execution of TruffleHog, a popular open-source tool used for scanning repositories for secrets and sensitive information, within an AWS environment. It has been reported to be used by threat actors for credential harvesting. All detections should be investigated to determine if the usage is authorized by security teams or potentially malicious.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) | Attack Pattern | PUA - AWS TruffleHog Execution (a840e606-7c8c-4684-9bc1-eb6b6155127f) | Sigma-Rules | 1 |
| OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | PUA - AWS TruffleHog Execution (a840e606-7c8c-4684-9bc1-eb6b6155127f) | Sigma-Rules | 1 |