Product
medium
advisory
AWS RDS DB Instance or Cluster Password Modification
2 rules 3 TTPsThe modification of the master password for an AWS RDS DB instance or cluster can indicate malicious activity used for persistence, privilege escalation, or defense evasion.
RDS
cloud
aws
persistence
2r
3t
medium
advisory
AWS RDS DB Instance Restored for Defense Evasion or Data Collection
3 rules 3 TTPsDetection of AWS RDS database instance restoration from a snapshot or S3 backup, potentially indicating unauthorized data access, defense evasion, or data collection by adversaries recreating database environments to bypass controls or exfiltrate sensitive data.
RDS
cloud
aws
defense-evasion
data-collection
3r
3t
medium
advisory
AWS RDS Snapshot Export to S3 for Potential Data Exfiltration
2 rules 1 TTPAn adversary may export RDS snapshots to Amazon S3 to exfiltrate sensitive data outside of RDS-managed storage, potentially bypassing database access controls and leading to unauthorized data theft.
RDS +1
aws
s3
exfiltration
cloudtrail
2r
1t