POLONIUM
Associated Group Descriptions |
|
Name | Description |
---|---|
Plaid Rain | (Citation: Microsoft Threat Actor Naming July 2023) |
Techniques Used |
||||
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1583 | .006 | Acquire Infrastructure: Web Services |
POLONIUM has created and used legitimate Microsoft OneDrive accounts for their operations.(Citation: Microsoft POLONIUM June 2022) |
Enterprise | T1567 | .002 | Exfiltration Over Web Service: Exfiltration to Cloud Storage |
POLONIUM has exfiltrated stolen data to POLONIUM-owned OneDrive and Dropbox accounts.(Citation: Microsoft POLONIUM June 2022) |
Enterprise | T1588 | .002 | Obtain Capabilities: Tool |
POLONIUM has obtained and used tools such as AirVPN and plink in their operations.(Citation: Microsoft POLONIUM June 2022) |
Enterprise | T1102 | .002 | Web Service: Bidirectional Communication |
POLONIUM has used OneDrive and DropBox for C2.(Citation: Microsoft POLONIUM June 2022) |
Software |
|||
ID | Name | References | Techniques |
---|---|---|---|
S1023 | CreepyDrive | (Citation: Microsoft POLONIUM June 2022) | Web Protocols, Exfiltration to Cloud Storage, Bidirectional Communication, Application Access Token, File and Directory Discovery, Ingress Tool Transfer, PowerShell, Data from Local System |
S1024 | CreepySnail | (Citation: Microsoft POLONIUM June 2022) | Domain Accounts, Web Protocols, System Network Configuration Discovery, Standard Encoding, PowerShell, Exfiltration Over C2 Channel, System Owner/User Discovery |
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.