218007301253_CloudTrail_us-east-1_20230710T1225Z_4iD2boYSOwmb6sWd.json
{"Records":[{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:19:38Z","eventSource":"rds.amazonaws.com","eventName":"DescribeDBInstances","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_06a62bf9-ef89-43a1-a17b-5234dcbf4cb4 HashiCorp-terraform-exec/0.17.3","requestParameters":{"dBInstanceIdentifier":"terraform-20230710121504061500000001"},"responseElements":null,"requestID":"9298921f-16b9-48fc-ae3c-f19999fb0797","eventID":"9315083d-47f7-4f3d-aafb-1d47faaeb2e8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"rds.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:21:33Z","eventSource":"rds.amazonaws.com","eventName":"DescribeDBSnapshots","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_06a62bf9-ef89-43a1-a17b-5234dcbf4cb4 
HashiCorp-terraform-exec/0.17.3","requestParameters":{"includePublic":false,"dBSnapshotIdentifier":"exfiltration","includeShared":false},"responseElements":null,"requestID":"8f1799a7-b750-436e-8d46-078bdff4a328","eventID":"5eeb7559-5684-48c2-9583-a4309fed632b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"rds.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:21:43Z","eventSource":"rds.amazonaws.com","eventName":"DescribeDBSnapshots","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_06a62bf9-ef89-43a1-a17b-5234dcbf4cb4 
HashiCorp-terraform-exec/0.17.3","requestParameters":{"dBSnapshotIdentifier":"exfiltration","includeShared":false,"includePublic":false},"responseElements":null,"requestID":"783cedb0-1d6d-4ccf-95ab-35f416a23e4f","eventID":"bc016a58-6ee3-4101-8d9c-f75230f23303","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"rds.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:22:33Z","eventSource":"iam.amazonaws.com","eventName":"GetUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_0362e208-cc47-4ba7-9c39-195518d6e937 
HashiCorp-terraform-exec/0.17.3","requestParameters":null,"responseElements":null,"requestID":"2c512bc9-cc2d-49d9-b5df-284d515aeab4","eventID":"8656ded3-e752-4106-8180-7275d8de6bad","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:22:33Z","eventSource":"iam.amazonaws.com","eventName":"GetUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_0362e208-cc47-4ba7-9c39-195518d6e937 HashiCorp-terraform-exec/0.17.3","requestParameters":null,"responseElements":null,"requestID":"8bdd46bd-d268-40d1-88b7-e9ae5f6127a0","eventID":"f3641baa-b515-4715-8205-813f97371172","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:22:34Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketTagging","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) 
terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_0362e208-cc47-4ba7-9c39-195518d6e937 HashiCorp-terraform-exec/0.17.3]","errorCode":"NoSuchTagSet","errorMessage":"The TagSet does not exist","requestParameters":{"tagging":"","bucketName":"stratus-red-team-bdbp-lhfzvgcamn","Host":"stratus-red-team-bdbp-lhfzvgcamn.s3.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"KMhl6RUa6P3kLi7VmQdVli/kXkZ6V9Qf1zfvpgS3XXfxAwxh2TzG9URWqXd+57G7ez3/7u2yhHQ=","bytesTransferredOut":312},"requestID":"J97F2ZKEBN5CC39D","eventID":"46d69c3f-054c-4567-8da5-7cf0bc220596","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-bdbp-lhfzvgcamn"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-bdbp-lhfzvgcamn.s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:22:36Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketWebsite","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_0362e208-cc47-4ba7-9c39-195518d6e937 HashiCorp-terraform-exec/0.17.3]","errorCode":"NoSuchWebsiteConfiguration","errorMessage":"The specified bucket does not have 
a website configuration","requestParameters":{"bucketName":"stratus-red-team-bdbp-lhfzvgcamn","website":"","Host":"stratus-red-team-bdbp-lhfzvgcamn.s3.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"N8+xj4rNd6GGXbAOJb0ADRledTDQCXlt1tbm9/We358kI23SDGJz876vg9mMJushYOcZB8b3UjQ=","bytesTransferredOut":359},"requestID":"6P7XJHY99VFX4YAF","eventID":"1e9e8ee8-1e67-47f2-b4f8-fcbae50c89d3","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-bdbp-lhfzvgcamn"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-bdbp-lhfzvgcamn.s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:22:38Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketLifecycle","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_0362e208-cc47-4ba7-9c39-195518d6e937 HashiCorp-terraform-exec/0.17.3]","errorCode":"NoSuchLifecycleConfiguration","errorMessage":"The lifecycle configuration does not 
exist","requestParameters":{"lifecycle":"","bucketName":"stratus-red-team-bdbp-lhfzvgcamn","Host":"stratus-red-team-bdbp-lhfzvgcamn.s3.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"H2mobK2GnciGWlRT42tmMjvBqTWtOtK4kZlT0RSKDcfZzrYDcsomqvjVMLp78+kDBIT/nwdQTZQ=","bytesTransferredOut":306},"requestID":"TH9RWGGZ00M8E4V1","eventID":"0b826dc1-2095-42f2-afb1-e37abe4a047b","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-bdbp-lhfzvgcamn"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-bdbp-lhfzvgcamn.s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:22:39Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketReplication","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"[APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_0362e208-cc47-4ba7-9c39-195518d6e937 HashiCorp-terraform-exec/0.17.3]","errorCode":"ReplicationConfigurationNotFoundError","errorMessage":"The replication configuration was not 
found","requestParameters":{"replication":"","bucketName":"stratus-red-team-bdbp-lhfzvgcamn","Host":"stratus-red-team-bdbp-lhfzvgcamn.s3.amazonaws.com"},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"AuthenticationMethod":"AuthHeader","x-amz-id-2":"KDHWOQ1dwsFyIcDrtHE6uJk0cauX/Ra8bPq/LLNsig539wcJPDYO2MbGOHN1TJtA+Lq4LhwH+ZOV8+jH3QW67lfjDOC2vAf3NDQGNr81czU=","bytesTransferredOut":387},"requestID":"D1V3TMV5NQ0S05DS","eventID":"1ff96e72-dea7-428f-9811-f9a76b9889df","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-bdbp-lhfzvgcamn"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"stratus-red-team-bdbp-lhfzvgcamn.s3.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:23:05Z","eventSource":"iam.amazonaws.com","eventName":"GetUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/dev (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go-v2/1.16.4 os/linux lang/go/1.17.6 md/GOOS/linux md/GOARCH/amd64 api/iam/1.18.4 stratus-red-team_01190e38-873e-4cc4-aede-7ceb7ffc2a4a 
HashiCorp-terraform-exec/0.17.3","requestParameters":null,"responseElements":null,"requestID":"4d69335f-8f41-4b01-b288-b1a5f370c132","eventID":"b8f8bd37-ac6f-44a0-b1e3-aa0122ef9f70","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSCYG26CT6RI","arn":"arn:aws:iam::123837392027:user/stratus-red-team-nmfalu-gfjyeaypjt","accountId":"123837392027","userName":"stratus-red-team-nmfalu-gfjyeaypjt"},"eventTime":"2023-07-10T12:23:15Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"stratus-red-team_01190e38-873e-4cc4-aede-7ceb7ffc2a4a","requestParameters":null,"responseElements":{"ConsoleLogin":"Success"},"additionalEventData":{"LoginTo":"https://console.aws.amazon.com/console/home","MobileVersion":"No","MFAUsed":"No"},"eventID":"70e5932e-9022-4b38-837e-ca10dad94eb7","readOnly":false,"eventType":"AwsConsoleSignIn","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.3","cipherSuite":"TLS_AES_128_GCM_SHA256","clientProvidedHostHeader":"signin.aws.amazon.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:24:28Z","eventSource":"iam.amazonaws.com","eventName":"GetUser","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) 
stratus-red-team_61e3765a-ab18-4da8-b5ac-4ec10986ed4b HashiCorp-terraform-exec/0.17.3","requestParameters":{"userName":"stratus-red-team-backdoor-u-user"},"responseElements":null,"requestID":"65f8afe5-43e4-4abc-ad8d-ecb055b0fa34","eventID":"be83b5ee-371f-425a-95ae-ff1a096219d4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}}]}