AWS Guard Duty: Ec2 with CryptoCurrency:EC2/BitcoinTool.B!DNS
GuardDuty finding was triggered for ec2 instance.
Blog
Exposed aws access key was used to add user to group
Orca detected that an exposed AWS access key was used to add user to group. This action may indicate of...
Lambda function that exposes secrets is reached from malicious IP address
Orca detected AWS lambda function {AwsLambdaFunction} with environment variables exposing AWS access key or secret. This action may indicate of...
AWS Guard Duty: User/role with UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.InsideAWS
GuardDuty finding was triggered for aws user.
AWS Guard Duty: S3 Bucket with Exfiltration:S3/AnomalousBehavior
GuardDuty finding was triggered for s3 bucket.
AWS root account console login without MFA
Orca detected that the root account was used to login to AWS console without Multi-Factor Authentication (MFA). Lack of MFA...
EC2 Role is used from non-AWS IP address range
An EC2 role was used from an IP that doesn't fall within the whitelisted AWS IP range. The request could...
AWS Guard Duty: Ec2 with Trojan:EC2/DGADomainRequest.B
GuardDuty finding was triggered for ec2 instance.