Tag
medium
advisory
Potential Data Exfiltration via Rclone
3 rules 1 TTPThe rule detects the abuse of rclone, a legitimate file synchronization tool, potentially renamed to evade detection, to exfiltrate data to cloud storage or remote endpoints, using copy/sync commands and specific file filters.
rclone
exfiltration
cloud storage
windows
3r
1t
medium
advisory
Azure Storage Account Data Exfiltration via AzCopy and SAS Token Abuse
2 rules 2 TTPsSuccessful GetBlob operations on Azure Storage Accounts using the AzCopy user agent with SAS token authentication can indicate data exfiltration by adversaries abusing compromised SAS tokens.
Azure Storage
azure
exfiltration
cloud-storage
azcopy
2r
2t