AWS Credentials GET

3 February 2022
Categories: threat-intelligence
Tags: tcp, 80, http, aws

Archive note: This observation was migrated from the former threatdump project. It is retained as historical packet research and is not a live threat feed.

AWS Credential file HTTP GET

Packet details

Protocol: TCP
Port: 80
Content MD5: a2985d2b-c709-017c-c025-71be73db1201
Sample date time: 2022-02-02 13:50:00.296 GMT
ASCII:

    GET /.aws/credentials HTTP/1.1
    Host:
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
    Accept-Encoding: gzip, deflate
    Accept: */*
    Connection: keep-alive

HEX: n/a
External reference: AWS CLI
Original packet: n/a
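A detection sketch for the request recorded above, as an added example that is not part of the original note or the threatdump project: it scans web access logs for requests that resolve to `/.aws/credentials` and separates plain probes from requests the server answered with a 2xx status. The Combined Log Format, the sample log lines and all function names are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Path taken from the captured request on this page.
TARGET = "/.aws/credentials"

# Assumed input: Combined Log Format, e.g. nginx/Apache access logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(target):
    """Reduce a request target to the path a server would resolve."""
    path = target.split("?", 1)[0].split("#", 1)[0]   # drop query/fragment
    path = unquote(path)                              # decode percent-escapes
    path = posixpath.normpath("/" + path.lstrip("/")) # collapse // and dot segments
    return path.lower()                               # tolerate case-insensitive hosts

def classify(line):
    """Return a finding dict for a matching log line, else None."""
    m = LOG_RE.match(line)
    if not m or not normalize(m["target"]).endswith(TARGET):
        return None
    status = int(m["status"])
    # 2xx means a body was returned: confirm whether it was the real file
    # and rotate any keys it contained. Other codes are recorded as probes.
    verdict = "served" if 200 <= status < 300 else "probe"
    return {"ip": m["ip"], "time": m["ts"], "target": m["target"],
            "status": status, "verdict": verdict}

def scan(log_text):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [02/Feb/2022:13:50:00 +0000] "GET /.aws/credentials HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.9 - - [02/Feb/2022:13:51:12 +0000] "GET //.aws//credentials?x=1 HTTP/1.1" 200 116 "-" "Mozilla/5.0"
192.0.2.44 - - [02/Feb/2022:13:52:30 +0000] "GET /docs/aws/credentials.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["verdict"]:6} {hit["status"]} {hit["ip"]:15} {hit["target"]}')
```

A `served` finding is the one to act on first: a 2xx response to this path means the web root may overlap a home directory that holds the AWS CLI credentials file.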