216.73.216.128

CreepyDrive

The MITRE Corporation · Published 07/07/2022 16:30 · Modified 27/03/2026 01:05 Family

Essential information

Confidence
100/100
Is family
Yes
Published
07/07/2022 16:30
Modified
27/03/2026 01:05
Revoked
No
Author / Source
The MITRE Corporation
Related entities
44 attack patterns (mitre), 1 intrusion sets (apt), 4 sectors, 1 countries, 2 indicators

Description

[CreepyDrive](https://attack.mitre.org/software/S1023) is a custom implant has been used by [POLONIUM](https://attack.mitre.org/groups/G1005) since at least early 2022 for C2 with and exfiltration to actor-controlled OneDrive accounts.(Citation: Microsoft POLONIUM June 2022) [POLONIUM](https://attack.mitre.org/groups/G1005) has used a similar implant called CreepyBox that relies on actor-controlled DropBox accounts.(Citation: Microsoft POLONIUM June 2022)

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references