Cloud Administration Command (T1651)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Cloud Administration Command

Associated Tactics

  • Execution

Execution (TA0002)

The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.

View on ATT&CK

Procedure Examples

Description Source(s)
AWS. (n.d.). AWS Systems Manager Run Command. Retrieved March 13, 2023. AWS Systems Manager Run Command
Microsoft Threat Intelligence Center. (2021, October 25). NOBELIUM targeting delegated administrative privileges to facilitate broader attacks. Retrieved March 25, 2022. MSTIC Nobelium Oct 2021
Microsoft. (2023, March 10). Run scripts in your VM by using Run Command. Retrieved March 13, 2023. Microsoft Run Command