Techniques
Sample rules
Suspicious Dropbox API Usage
- source: sigma
- techniques:
  - t1105
Description
Detects an executable that isn't Dropbox but communicates with the Dropbox API.
Detection logic
condition: selection and not filter
filter:
  Image|contains: \Dropbox
selection:
  DestinationHostname|endswith:
    - api.dropboxapi.com
    - content.dropboxapi.com
  Initiated: 'true'
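
The detection logic above, evaluated over a few constructed network-connection events. This is an added example, not part of the rule or of Sigma's tooling: the matcher is a minimal stand-in for a Sigma backend, and the function names and event records are assumptions made for illustration.

```python
# Added example: a minimal stand-in for a Sigma backend, not Sigma's own code.
# Sigma string matching is case-insensitive; map keys are AND-ed, lists OR-ed.
RULE = {
    "selection": {
        "DestinationHostname|endswith": ["api.dropboxapi.com",
                                         "content.dropboxapi.com"],
        "Initiated": "true",
    },
    "filter": {"Image|contains": "\\Dropbox"},
}

def field_matches(event, key, expected):
    """Test one 'Field|modifier' entry of a detection block against an event."""
    name, _, modifier = key.partition("|")
    if name not in event:
        return False
    actual = str(event[name]).lower()
    values = expected if isinstance(expected, list) else [expected]
    tests = {
        "endswith": actual.endswith,
        "contains": lambda v: v in actual,
        "": lambda v: v == actual,
    }
    return any(tests[modifier](str(v).lower()) for v in values)

def block_matches(event, block):
    return all(field_matches(event, k, v) for k, v in block.items())

def rule_fires(event):
    """condition: selection and not filter"""
    return (block_matches(event, RULE["selection"])
            and not block_matches(event, RULE["filter"]))

# Constructed network-connection events using the rule's field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe",
     "DestinationHostname": "api.dropboxapi.com", "Initiated": "true"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "DestinationHostname": "content.dropboxapi.com", "Initiated": "true"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "DestinationHostname": "api.dropboxapi.com", "Initiated": "false"},
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "www.dropbox.com", "Initiated": "true"},
]

def alerts(events):
    return [e["Image"] for e in events if rule_fires(e)]

if __name__ == "__main__":
    for image in alerts(SAMPLE_EVENTS):
        print("ALERT:", image)
```

Only the second event alerts: the Dropbox client is excluded by the filter, the third connection was not initiated locally, and the fourth destination is not one of the API hostnames.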