Product

CloudFront

1 brief RSS

Suspicious AWS S3 Connection via Script Interpreter

The rule detects script interpreters (osascript, Node.js, Python) making outbound connections to AWS S3 or CloudFront domains on macOS, which may indicate command and control or data exfiltration activity.

AWS S3 +1 command-and-control exfiltration macos

2r 5t 12h ago