CreateLoginProfile

CSP: AWS

Tactics:

Persistence Privilege Escalation

Techniques:

T1098

Tags:

AWS IAM

Event

Creates a password for an IAM user, enabling them to sign into the AWS Management Console.

Security Context

• Account manipulation is a primary persistence technique, allowing adversaries to maintain access through modified permissions or credentials.

Log Source

CloudTrail

Sample Event

MITRE ATT&CK Mapping

Tactics: Persistence Privilege Escalation

Techniques:

• T1098 — Account Manipulation — Adversaries may manipulate accounts to maintain and/or elevate access to victim systems. Account manipulation may consist of any action that preserves or modifies adversary access to a compromised account, such as modifying credentials or permission groups.