CreepyDrive (7f7f05c3-fbb1-475e-b672-2113709065c8)
CreepyDrive is a custom implant that has been used by POLONIUM since at least early 2022 for C2 with, and exfiltration to, actor-controlled OneDrive accounts.[Microsoft POLONIUM June 2022]
POLONIUM has used a similar implant called CreepyBox that relies on actor-controlled DropBox accounts.[Microsoft POLONIUM June 2022]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
POLONIUM (7fbd7514-76e9-4696-8c66-9f95546e3315) | Tidal Groups | CreepyDrive (7f7f05c3-fbb1-475e-b672-2113709065c8) | Tidal Software | 1 |