r_m_dropbox_dropbox_Ransomware.md

Rules by Product and UseCase

Vendor: Dropbox

Product: Dropbox

Use-Case: Ransomware

Rules	Models	MITRE ATT&CK® TTPs	Activity Types	Parsers
2	0	2	2	14

Event Type	Rules	Models
app-login	T1078 - Valid Accounts ↳ Auth-Ransomware-Shost: User authentication or login from a known ransomware IP
file-write	T1486 - Data Encrypted for Impact ↳ FA-EXT: A file has been written and is suspected of Ransomware on host