218007301253_CloudTrail_us-east-1_20230710T1205Z_nx9Yx1FyJdBaTqKj.json
{"Records":[{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T11:57:48Z","eventSource":"secretsmanager.amazonaws.com","eventName":"DescribeSecret","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_561fe49b-e6b4-44da-a587-f2c718eb578a HashiCorp-terraform-exec/0.17.3","requestParameters":{"secretId":"arn:aws:secretsmanager:us-east-1:123837392027:secret:stratus-red-team-retrieve-secret-5-iugd0p"},"responseElements":null,"requestID":"bee3d683-d4af-46bb-8f8f-7e61370c72ac","eventID":"51e081e7-664b-4fda-a6c7-99e098ce1ecd","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.3","cipherSuite":"TLS_AES_128_GCM_SHA256","clientProvidedHostHeader":"secretsmanager.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCQFE4U2M4","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T11:57:49Z","mfaAuthenticated":"false"}},"invokedBy":"secretsmanager.amazonaws.com"},"eventTime":"2023-07-10T11:57:49Z","eventSource":"kms.amazonaws.com","eventName":"GenerateDataKey","awsRegion":"us-east-1","sourceIPAddress":"secretsmanager.amazonaws.com","userAgent":"secretsmanager.amazonaws.com","requestParameters":{"keyId":"alias/aws/secretsmanager","encryptionContext":{"SecretARN":"arn:aws:secretsmanager:us-east-1:123837392027
:secret:stratus-red-team-retrieve-secret-16-ZgthLn","SecretVersionId":"BE6E4AC9-7FA4-4E88-BD46-6BFCFDF1DACB"},"keySpec":"AES_256"},"responseElements":null,"requestID":"7dfd31d3-3f52-4faf-8540-1e89799fa0c7","eventID":"2f9e08cc-3373-421b-a953-e61074c38c34","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::KMS::Key","ARN":"arn:aws:kms:us-east-1:123837392027:key/dad21b23-9915-42bd-981b-2a9f3c8f20c8"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","vpcEndpointId":"vpce-0d985940f92611b87","eventCategory":"Management"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCSPD6BZ4Z","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T11:57:50Z","mfaAuthenticated":"false"}},"invokedBy":"secretsmanager.amazonaws.com"},"eventTime":"2023-07-10T11:57:50Z","eventSource":"kms.amazonaws.com","eventName":"Decrypt","awsRegion":"us-east-1","sourceIPAddress":"secretsmanager.amazonaws.com","userAgent":"secretsmanager.amazonaws.com","requestParameters":{"encryptionContext":{"SecretARN":"arn:aws:secretsmanager:us-east-1:123837392027:secret:stratus-red-team-retrieve-secret-5-iugd0p","SecretVersionId":"2849C79D-E0B2-42C6-8E7B-566C6526005D"},"encryptionAlgorithm":"SYMMETRIC_DEFAULT"},"responseElements":null,"requestID":"44b16713-3ef8-4d3c-8266-8a023f573cb6","eventID":"0b277755-1fc2-4824-9460-05bb0c46d0d2","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::KMS::Key","ARN":"arn:aws:kms:us-east-1:123837392027:key/dad21b23-9915-42bd-981b-2a9f3c8f20c8"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","vpcEndpointId":"vpce-0d985940f92611b87","eventCategory":"Management"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:
aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCR2OEHIX4","userName":"bert-jan","sessionContext":{"sessionIssuer":{},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T11:58:10Z","mfaAuthenticated":"false"}},"invokedBy":"AWS Internal"},"eventTime":"2023-07-10T11:58:27Z","eventSource":"kms.amazonaws.com","eventName":"Decrypt","awsRegion":"us-east-1","sourceIPAddress":"AWS Internal","userAgent":"AWS Internal","requestParameters":{"encryptionAlgorithm":"SYMMETRIC_DEFAULT","encryptionContext":{"PARAMETER_ARN":"arn:aws:ssm:us-east-1:123837392027:parameter/credentials/stratus-red-team/credentials-26"}},"responseElements":null,"requestID":"7160e681-0b2e-4108-9c5b-017c70f7d15d","eventID":"1d8e91fd-a41b-4b20-b93f-2c1930805724","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::KMS::Key","ARN":"arn:aws:kms:us-east-1:123837392027:key/0e5d0ab6-097e-49d8-99ef-747ce3e5f8f4"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management"},{"eventVersion":"1.08","userIdentity":{"type":"AssumedRole","principalId":"AROATFQR7NSC6Q6YRQ2Q7:i-0dbc91f429e48eeed","arn":"arn:aws:sts::123837392027:assumed-role/stratus-red-team-ec2-steal-credentials-role/i-0dbc91f429e48eeed","accountId":"123837392027","accessKeyId":"ASIATFQR7NSCSHSEVYP5","sessionContext":{"sessionIssuer":{"type":"Role","principalId":"AROATFQR7NSC6Q6YRQ2Q7","arn":"arn:aws:iam::123837392027:role/stratus-red-team-ec2-steal-credentials-role","accountId":"123837392027","userName":"stratus-red-team-ec2-steal-credentials-role"},"webIdFederationData":{},"attributes":{"creationDate":"2023-07-10T11:55:22Z","mfaAuthenticated":"false"},"ec2RoleDelivery":"2.0"}},"eventTime":"2023-07-10T11:58:13Z","eventSource":"ssm.amazonaws.com","eventName":"PutInventory","awsRegion":"us-east-1","sourceIPAddress":"3.225.16.109","userAgent":"aws-sdk-go/1.41.4 (go1.18.3; linux; amd64) 
amazon-ssm-agent/","requestParameters":{"instanceId":"i-0dbc91f429e48eeed","items":[{"typeName":"AWS:Network","schemaVersion":"1.0","captureTime":"2023-07-10T11:57:45Z","contentHash":"lDHZTHFNUyHYPLo8R7wPSA=="},{"typeName":"AWS:BillingInfo","schemaVersion":"1.0","captureTime":"2023-07-10T11:57:45Z","contentHash":"N6YlnMDB2uKZp4Zkid/wvQ=="},{"typeName":"AWS:InstanceDetailedInformation","schemaVersion":"1.0","captureTime":"2023-07-10T11:57:45Z","contentHash":"omMpn3JVX/I6oe7BzY9EFA=="},{"typeName":"AWS:Application","schemaVersion":"1.1","captureTime":"2023-07-10T11:57:45Z","contentHash":"M1LVyOGk7deedu/aVytRVg=="},{"typeName":"AWS:AWSComponent","schemaVersion":"1.0","captureTime":"2023-07-10T11:57:46Z","contentHash":"DLq350DMx3pp69NF6sJlfg=="}]},"responseElements":null,"requestID":"dbb09c3f-9e39-478c-a0ec-515fd3aa4a2a","eventID":"7e486988-6d22-4c5d-9b55-eba68b0f23d9","readOnly":false,"resources":[{"accountId":"123837392027","ARN":"arn:aws:ec2:us-east-1:123837392027:instance/i-0dbc91f429e48eeed"},{"accountId":"123837392027","ARN":"arn:aws:ssm:us-east-1:123837392027:managed-instance-inventory/i-0dbc91f429e48eeed"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ssm.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"AWSService","invokedBy":"cloudtrail.amazonaws.com"},"eventTime":"2023-07-10T12:00:31Z","eventSource":"s3.amazonaws.com","eventName":"GetBucketAcl","awsRegion":"us-east-1","sourceIPAddress":"cloudtrail.amazonaws.com","userAgent":"cloudtrail.amazonaws.com","requestParameters":{"bucketName":"stratus-red-team-ctlr-bucket-zqfsvooxqj","Host":"stratus-red-team-ctlr-bucket-zqfsvooxqj.s3.us-east-1.amazonaws.com","acl":""},"responseElements":null,"additionalEventData":{"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","bytesTransferredIn":0,"Authenticati
onMethod":"AuthHeader","x-amz-id-2":"SDLilSr+c7w6cpAjm6VKBfGPzgyWc5T2RlnsRxvtXgOpDmNPO7mIFVMpgGJhyJWDiITgz/ygCHA=","bytesTransferredOut":552},"requestID":"2S8ETNRZSS2PZPNJ","eventID":"24239609-ea6d-43a3-8dad-894bebe7f6f1","readOnly":true,"resources":[{"accountId":"123837392027","type":"AWS::S3::Bucket","ARN":"arn:aws:s3:::stratus-red-team-ctlr-bucket-zqfsvooxqj"}],"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","sharedEventID":"01397393-6713-4e93-8e28-4f7a541d0e67","vpcEndpointId":"vpce-09392f888cd7298db","eventCategory":"Management"},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:01:53Z","eventSource":"iam.amazonaws.com","eventName":"ListRolePolicies","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_7d2a6913-ded3-49c6-a31c-0cdeebcc259c 
HashiCorp-terraform-exec/0.17.3","requestParameters":{"roleName":"stratus-red-team-leave-org-role"},"responseElements":null,"requestID":"f19f2ea5-3f5f-4fee-9c70-d1a5e4fed0a5","eventID":"54831bab-bae0-4ff0-9c44-e774243150a4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:02:21Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeVpcs","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_20f9795b-aa02-4c8e-bad6-bd338ec09f59 
HashiCorp-terraform-exec/0.17.3","requestParameters":{"vpcSet":{"items":[{"vpcId":"vpc-0255d384b4b458b46"}]},"filterSet":{}},"responseElements":null,"requestID":"cbafb4ed-4aa7-486f-9156-52036314058c","eventID":"1f1320bc-4e7e-40ee-8fe3-05cafbd3b5a7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"ec2.us-east-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:02:22Z","eventSource":"iam.amazonaws.com","eventName":"GetRolePolicy","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_20f9795b-aa02-4c8e-bad6-bd338ec09f59 
HashiCorp-terraform-exec/0.17.3","requestParameters":{"policyName":"stratus-red-team-remove-flow-logs-policy","roleName":"stratus-red-team-remove-flow-logs-role"},"responseElements":null,"requestID":"b36ca33c-2610-430b-8b2a-893fd7786874","eventID":"6d8d3c69-2c80-4d56-94c6-2ba0b7b87bb4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDATFQR7NSC5AU2ZV3IE","arn":"arn:aws:iam::123837392027:user/bert-jan","accountId":"123837392027","accessKeyId":"AKIATFQR7NSC8Q4X20BJ","userName":"bert-jan"},"eventTime":"2023-07-10T12:02:43Z","eventSource":"iam.amazonaws.com","eventName":"GetRole","awsRegion":"us-east-1","sourceIPAddress":"192.168.10.20","userAgent":"APN/1.0 HashiCorp/1.0 Terraform/1.1.2 (+https://www.terraform.io) terraform-provider-aws/3.76.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.157 (go1.19.3; linux; amd64) stratus-red-team_9cbca289-7886-421c-b241-fcd2b1f14019 HashiCorp-terraform-exec/0.17.3","requestParameters":{"roleName":"stratus-red-team-get-usr-data-role"},"responseElements":null,"requestID":"13dabe81-d5bf-49c3-bb72-301db7a3be9c","eventID":"ed6d2d24-1a40-4898-80fe-e44311543aea","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"123837392027","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256","clientProvidedHostHeader":"iam.amazonaws.com"}}]}