T1583.007 - Serverless - PromptRiskDB

Record summary

A quick snapshot of what this page covers.

Records1Records included in this view.

SourcePublicBuilt from public source data.

ModeStaticPrepared as a ready-to-read page.

ATT&CK object

The broader cybersecurity technique connected to these AI records.

Adversaries may purchase and configure serverless cloud infrastructure, such as Cloudflare Workers, AWS Lambda functions, or Google Apps Scripts, that can be used during targeting. By utilizing serverless infrastructure, adversaries can make it more difficult to attribute infrastructure used during operations back to them.

Once acquired, the serverless runtime environment can be leveraged to either respond directly to infected machines or to Proxy traffic to an adversary-owned command and control server.(Citation: BlackWater Malware Cloudflare Workers)(Citation: AWS Lambda Redirector)(Citation: GWS Apps Script Abuse 2021) As traffic generated by these functions will appear to come from subdomains of common cloud providers, it may be difficult to distinguish from ordinary traffic to these providers - making it easier to Hide Infrastructure.(Citation: Detecting Command & Control in the Cloud)(Citation: BlackWater Malware Cloudflare Workers)

ATT&CK ID: T1583.007
STIX ID: attack-pattern--04a5a8ab-3bc8-4c83-95c9-55274a89786d
Name: Serverless
Connected AI records: 1

Connected AI records

AI security records connected to this cybersecurity technique.

AML.T0008.004 - Serverless

Confidence: 1.00

Kindatlas_techniqueLink typesame_or_related_attack_techniqueMethodexact_attack_external_id

Source

Where this page information comes from.

Original source

Original source links

Open the public records and source datasets used for this page.

Repositoryhttps://github.com/mitre-attack/attack-stix-data Enterprise JSONhttps://github.com/mitre-attack/attack-stix-data/blob/master/enterprise-attack/enterprise-attack.json MITRE ATT&CK objecthttps://attack.mitre.org/techniques/T1583/007/