PUA - AWS TruffleHog Execution (a840e606-7c8c-4684-9bc1-eb6b6155127f)

Detects the execution of TruffleHog, a popular open-source tool used for scanning repositories for secrets and sensitive information, within an AWS environment. It has been reported to be used by threat actors for credential harvesting. All detections should be investigated to determine if the usage is authorized by security teams or potentially malicious.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| PUA - AWS TruffleHog Execution (a840e606-7c8c-4684-9bc1-eb6b6155127f) | Sigma-Rules | Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) | Attack Pattern | 1 |
| PUA - AWS TruffleHog Execution (a840e606-7c8c-4684-9bc1-eb6b6155127f) | Sigma-Rules | OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | 1 |