Esc
Cloud Secrets Management Stores - T1555.006

(ATT&CK® Technique)
Definition

Adversaries may acquire credentials from cloud-native secret management solutions such as AWS Secrets Manager, GCP Secret Manager, Azure Key Vault, and Terraform Vault.
D3FEND Inferred Relationships

Browse the D3FEND knowledge graph by clicking on the nodes below.
        graph LR;

     T1555006["Cloud Secrets Management Stores"] --> |accesses| PasswordStore["Password Store"]; class T1555006 OffensiveTechniqueNode;
        class PasswordStore ArtifactNode; click PasswordStore href "/dao/artifact/d3f:PasswordStore";
        click T1555006 href "/offensive-technique/attack/T1555.006/"; click PasswordStore href "/dao/artifact/d3f:PasswordStore"; T1555006["Cloud Secrets Management Stores"] --> |may-access| DatabaseFile["Database File"]; class T1555006 OffensiveTechniqueNode;
        class DatabaseFile ArtifactNode; click DatabaseFile href "/dao/artifact/d3f:DatabaseFile";
        click T1555006 href "/offensive-technique/attack/T1555.006/"; click DatabaseFile href "/dao/artifact/d3f:DatabaseFile";DecoyFile["Decoy File"] -->
          | spoofs | DatabaseFile["Database File"];

          DecoyFile["Decoy File"] -.->
            | may-deceive | T1555006["Cloud Secrets Management Stores"] ;
          class DecoyFile DefensiveTechniqueNode;
          class DatabaseFile ArtifactNode;
          click DecoyFile href "/technique/d3f:DecoyFile"; FileIntegrityMonitoring["File Integrity Monitoring"] -->
          | analyzes | DatabaseFile["Database File"];

          FileIntegrityMonitoring["File Integrity Monitoring"] -.->
            | may-detect | T1555006["Cloud Secrets Management Stores"] ;
          class FileIntegrityMonitoring DefensiveTechniqueNode;
          class DatabaseFile ArtifactNode;
          click FileIntegrityMonitoring href "/technique/d3f:FileIntegrityMonitoring"; FileEviction["File Eviction"] -->
          | deletes | DatabaseFile["Database File"];

          FileEviction["File Eviction"] -.->
            | may-evict | T1555006["Cloud Secrets Management Stores"] ;
          class FileEviction DefensiveTechniqueNode;
          class DatabaseFile ArtifactNode;
          click FileEviction href "/technique/d3f:FileEviction"; FileEncryption["File Encryption"] -->
          | encrypts | DatabaseFile["Database File"];

          FileEncryption["File Encryption"] -.->
            | may-harden | T1555006["Cloud Secrets Management Stores"] ;
          class FileEncryption DefensiveTechniqueNode;
          class DatabaseFile ArtifactNode;
          click FileEncryption href "/technique/d3f:FileEncryption"; LocalFilePermissions["Local File Permissions"] -->
          | restricts | DatabaseFile["Database File"];

          LocalFilePermissions["Local File Permissions"] -.->
            | may-isolate | T1555006["Cloud Secrets Management Stores"] ;
          class LocalFilePermissions DefensiveTechniqueNode;
          class DatabaseFile ArtifactNode;
          click LocalFilePermissions href "/technique/d3f:LocalFilePermissions"; ContentModification["Content Modification"] -->
          | modifies | DatabaseFile["Database File"];

          ContentModification["Content Modification"] -.->
            | may-isolate | T1555006["Cloud Secrets Management Stores"] ;
          class ContentModification DefensiveTechniqueNode;
          class DatabaseFile ArtifactNode;
          click ContentModification href "/technique/d3f:ContentModification"; ContentQuarantine["Content Quarantine"] -->
          | quarantines | DatabaseFile["Database File"];

          ContentQuarantine["Content Quarantine"] -.->
            | may-isolate | T1555006["Cloud Secrets Management Stores"] ;
          class ContentQuarantine DefensiveTechniqueNode;
          class DatabaseFile ArtifactNode;
          click ContentQuarantine href "/technique/d3f:ContentQuarantine";  RestoreDatabase["Restore Database"] -->
          | restores | PasswordStore["Password Store"];

          RestoreDatabase["Restore Database"] -.->
            | may-restore | T1555006["Cloud Secrets Management Stores"] ;
          class RestoreDatabase DefensiveTechniqueNode;
          class PasswordStore ArtifactNode;
          click RestoreDatabase href "/technique/d3f:RestoreDatabase"; RestoreFile["Restore File"] -->
          | restores | DatabaseFile["Database File"];

          RestoreFile["Restore File"] -.->
            | may-restore | T1555006["Cloud Secrets Management Stores"] ;
          class RestoreFile DefensiveTechniqueNode;
          class DatabaseFile ArtifactNode;
          click RestoreFile href "/technique/d3f:RestoreFile"; FileAnalysis["File Analysis"] -->
          | analyzes | DatabaseFile["Database File"];

          FileAnalysis["File Analysis"] -.->
            | may-detect | T1555006["Cloud Secrets Management Stores"] ;
          class FileAnalysis DefensiveTechniqueNode;
          class DatabaseFile ArtifactNode;
          click FileAnalysis href "/technique/d3f:FileAnalysis"; ContentFiltering["Content Filtering"] -->
          | filters | DatabaseFile["Database File"];

          ContentFiltering["Content Filtering"] -.->
            | may-isolate | T1555006["Cloud Secrets Management Stores"] ;
          class ContentFiltering DefensiveTechniqueNode;
          class DatabaseFile ArtifactNode;
          click ContentFiltering href "/technique/d3f:ContentFiltering"; RemoteFileAccessMediation["Remote File Access Mediation"] -->
          | isolates | DatabaseFile["Database File"];

          RemoteFileAccessMediation["Remote File Access Mediation"] -.->
            | may-isolate | T1555006["Cloud Secrets Management Stores"] ;
          class RemoteFileAccessMediation DefensiveTechniqueNode;
          class DatabaseFile ArtifactNode;
          click RemoteFileAccessMediation href "/technique/d3f:RemoteFileAccessMediation";
json