AWS API calls indicating setup of mass mailer script

ID: aws_mass_mailer_script_setup
Data type: AWS CloudTrail
Severity: High
MITRE ATT&CK: TA0004:T1098

Description

AlphaSOC detected AWS API calls indicating the setup of a mass mailer script. Mass mailer scripts are tools designed to send large volumes of emails, often exploited by threat actors to send spam emails, launch phishing campaigns, or distribute malware attachments.

Impact

These API calls may indicate an ongoing compromise and potential misuse of AWS resources for malicious email campaigns. This can damage the organization's reputation, lead to blacklisting of IP addresses and domains, and potentially compromise other systems.

Severity

Severity    Condition
High        AWS API calls indicating setup of mass mailer script

Investigation and Remediation

Review AWS CloudTrail logs to investigate the account associated with the API calls and determine whether the actions were authorized. If unauthorized, reset the affected account credentials and assess the extent of potential damage.
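The pivot described above, pulling every CloudTrail record for the flagged principal and summarizing which APIs were called, from which source IPs and clients, and how many calls were denied, as an added example (not AlphaSOC's code). The records, ARNs, IPs and API names are constructed sample data, not the indicators this detection matches on; the field names follow the CloudTrail record format.

```python
from collections import Counter
from datetime import datetime

# Constructed CloudTrail-style records for this example only (not real log data).
# Field names follow the CloudTrail record format; all values are invented.
SAMPLE_EVENTS = [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.5",
     "userAgent": "aws-cli/2.15", "errorCode": None,
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}},
    {"eventTime": "2024-05-01T10:03:00Z", "eventSource": "ses.amazonaws.com",
     "eventName": "ListIdentities", "sourceIPAddress": "203.0.113.5",
     "userAgent": "python-requests/2.31", "errorCode": None,
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}},
    {"eventTime": "2024-05-01T10:04:00Z", "eventSource": "ses.amazonaws.com",
     "eventName": "GetSendQuota", "sourceIPAddress": "198.51.100.7",
     "userAgent": "python-requests/2.31", "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}},
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "192.0.2.9",
     "userAgent": "aws-cli/2.15", "errorCode": None,
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"}},
]


def parse_time(ts):
    """CloudTrail eventTime is ISO 8601 in UTC with a trailing Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def events_for_principal(events, arn):
    """Return the records made by one IAM principal, oldest first."""
    mine = [e for e in events if e.get("userIdentity", {}).get("arn") == arn]
    return sorted(mine, key=lambda e: parse_time(e["eventTime"]))


def summarize(events):
    """Summarize a principal's activity: which APIs, from where, with which client.
    A new source IP or user agent, or a burst of AccessDenied errors, is what an
    analyst compares against the account owner's normal usage when deciding
    whether the calls were authorized."""
    if not events:
        return None
    return {
        "first_seen": events[0]["eventTime"],
        "last_seen": events[-1]["eventTime"],
        "api_calls": Counter(f'{e["eventSource"]}:{e["eventName"]}' for e in events),
        "source_ips": sorted({e["sourceIPAddress"] for e in events}),
        "user_agents": sorted({e["userAgent"] for e in events}),
        "denied": sum(1 for e in events if e.get("errorCode")),
    }
```

On real data, feed the records from the CloudTrail JSON export (the `Records` array) in place of `SAMPLE_EVENTS` and narrow the time window around the alert before summarizing.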

Known False Positives

  • Legitimate large volume email campaigns