Product
medium
advisory
AWS S3 Credential File Retrieved from Bucket
2 rules 2 TTPsThis rule detects successful S3 GetObject calls targeting high-value credential and secret files commonly stored in S3 buckets, indicating potential credential access.
Amazon S3
credential-access
cloud
aws
2r
2t
high
threat
Webworm APT Updates TTPs with Discord and Microsoft Graph C2
2 rules 10 TTPs 1 CVE 1 IOCThe Webworm APT group is using updated tactics, techniques, and procedures, including new backdoors using Discord and Microsoft Graph API for command and control, custom proxy tools, and GitHub for malware staging, shifting focus to European governmental organizations.
Microsoft Graph API +4
Webworm
apt
discord
proxy tool
2r
10t
1c
1i