MITRE ATT&CK Technique
Description
Adversaries may abuse cloud APIs to execute malicious commands. APIs available in cloud environments provide various functionalities and are a feature-rich method for programmatic access to nearly all aspects of a tenant. These APIs may be utilized through various methods such as command line interpreters (CLIs), in-browser Cloud Shells, [PowerShell](https://attack.mitre.org/techniques/T1059/001) modules like Azure for PowerShell (Citation: Microsoft - Azure PowerShell), or software developer kits (SDKs) available for languages such as [Python](https://attack.mitre.org/techniques/T1059/006).

Cloud API functionality may allow for administrative access across all major services in a tenant such as compute, storage, identity and access management (IAM), networking, and security policies.

With proper permissions (often via use of credentials such as [Application Access Token](https://attack.mitre.org/techniques/T1550/001) and [Web Session Cookie](https://attack.mitre.org/techniques/T1550/004)), adversaries may abuse cloud APIs to invoke various functions that execute malicious actions. For example, CLI and PowerShell functionality may be accessed through binaries installed on cloud-hosted or on-premises hosts or accessed through a browser-based cloud shell offered by many cloud platforms (such as AWS, Azure, and GCP). These cloud shells are often a packaged unified environment to use CLI and/or scripting modules hosted as a container in the cloud environment.
Supported Platforms
IaaS, Identity Provider, Office Suite, SaaS
Created
April 29, 2026
Last Updated
April 29, 2026
STIX Data
{'created': '2022-03-17T13:28:24.989Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': 'Adversaries may abuse cloud APIs to execute malicious '
'commands. APIs available in cloud environments provide '
'various functionalities and are a feature-rich method for '
'programmatic access to nearly all aspects of a tenant. These '
'APIs may be utilized through various methods such as command '
'line interpreters (CLIs), in-browser Cloud Shells, '
'[PowerShell](https://attack.mitre.org/techniques/T1059/001) '
'modules like Azure for PowerShell(Citation: Microsoft - Azure '
'PowerShell), or software developer kits (SDKs) available for '
'languages such as '
'[Python](https://attack.mitre.org/techniques/T1059/006). \n'
'\n'
'Cloud API functionality may allow for administrative access '
'across all major services in a tenant such as compute, '
'storage, identity and access management (IAM), networking, '
'and security policies.\n'
'\n'
'With proper permissions (often via use of credentials such as '
'[Application Access '
'Token](https://attack.mitre.org/techniques/T1550/001) and '
'[Web Session '
'Cookie](https://attack.mitre.org/techniques/T1550/004)), '
'adversaries may abuse cloud APIs to invoke various functions '
'that execute malicious actions. For example, CLI and '
'PowerShell functionality may be accessed through binaries '
'installed on cloud-hosted or on-premises hosts or accessed '
'through a browser-based cloud shell offered by many cloud '
'platforms (such as AWS, Azure, and GCP). These cloud shells '
'are often a packaged unified environment to use CLI and/or '
'scripting modules hosted as a container in the cloud '
'environment. ',
'external_references': [{'external_id': 'T1059.009',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/techniques/T1059/009'},
{'description': 'Microsoft. (2014, December 12). '
'Azure/azure-powershell. Retrieved '
'March 24, 2023.',
'source_name': 'Microsoft - Azure PowerShell',
'url': 'https://github.com/Azure/azure-powershell'}],
'id': 'attack-pattern--55bb4471-ff1f-43b4-88c1-c9384ec47abf',
'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
'phase_name': 'execution'}],
'modified': '2025-04-15T19:58:32.612Z',
'name': 'Cloud API',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': False,
'spec_version': '2.1',
'type': 'attack-pattern',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_contributors': ['Ozan Olali',
'Nichols Jasper',
'Jason Sevilla',
'Marcus Weeks',
'Caio Silva'],
'x_mitre_deprecated': False,
'x_mitre_detection': '',
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_is_subtechnique': True,
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_platforms': ['IaaS', 'Identity Provider', 'Office Suite', 'SaaS'],
'x_mitre_remote_support': False,
'x_mitre_version': '1.2'}