CreepyDrive

MITRE

Tipo Malware:
Other

Prima attivita:
Unknown

Ultima attivita:
Unknown

Dettagli:

[CreepyDrive](https://attack.mitre.org/software/S1023) is a custom implant has been used by [POLONIUM](https://attack.mitre.org/groups/G1005) since at least early 2022 for C2 with and exfiltration to actor-controlled OneDrive accounts.(Citation: Microsoft POLONIUM June 2022)

[POLONIUM](https://attack.mitre.org/groups/G1005) has used a similar implant called CreepyBox that relies on actor-controlled DropBox accounts.(Citation: Microsoft POLONIUM June 2022)

Tecniche Associate (8)

ID	ATT&CK	Tattiche
T1005	Data from Local System	-
T1059.001	PowerShell	-
T1071.001	Web Protocols	-
T1083	File and Directory Discovery	-
T1102.002	Bidirectional Communication	-
T1105	Ingress Tool Transfer	-
T1550.001	Application Access Token	-
T1567.002	Exfiltration to Cloud Storage	-

Usato da Attori (1)

POLONIUM
Nation-state

Metadata

ID:	336
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00