
S1023 CreepyDrive

Platforms: 2 · ATT&CK: 14.1 · References: 2

Description

[CreepyDrive](https://attack.mitre.org/software/S1023) is a custom implant that has been used by [POLONIUM](https://attack.mitre.org/groups/G1005) since at least early 2022 for C2 with, and exfiltration to, actor-controlled OneDrive accounts.(Citation: Microsoft POLONIUM June 2022) [POLONIUM](https://attack.mitre.org/groups/G1005) has used a similar implant called CreepyBox that relies on actor-controlled DropBox accounts.(Citation: Microsoft POLONIUM June 2022)

Platforms (2)

Windows, Office 365

Attributed to (1)

| Type  | Target            | Confidence | Tier |
|-------|-------------------|------------|------|
| Group | POLONIUM (G1005)  | 95%        | live |

References

  1. https://attack.mitre.org/software/S1023
  2. https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  - Software: CreepySnail
  - Software: ccf32
  - Software: PingPull
  - Software: FunnyDream
  - Software: Bumblebee
  - Software: PyDCrypt

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.