Tag
medium
advisory
Suspicious AWS EC2 Key Pair Import Activity
2 rules, 1 TTP
The import of SSH key pairs into AWS EC2, as detected by CloudTrail logs, may indicate unauthorized access attempts, persistence establishment, or privilege escalation by an attacker.
Elastic Compute Cloud
aws
cloudtrail
ec2
keypair
initial-access
persistence
privilege-escalation
medium
advisory
Suspicious AWS EC2 Key Pair Creation from Non-Cloud AS
2 rules, 3 TTPs
An AWS EC2 CreateKeyPair event triggered by a new principal originating from a network autonomous system (AS) organization not associated with major cloud providers indicates potential unauthorized access or persistence activity.
Amazon EC2
aws
ec2
keypair
persistence
credential_access
lateral_movement