win.drokbk

Drokbk

Actor(s): APT35


Drokbk stands out for using GitHub as a dead drop resolver within its command-and-control (C&C) infrastructure: instead of carrying the address of its C&C server hard-coded, the malware retrieves it from a GitHub repository. Because GitHub is a legitimate and heavily used service, the resolver traffic blends into ordinary outbound web activity, which makes the implant harder to spot and harder to block with domain-based controls, since cutting off GitHub altogether is rarely acceptable in an enterprise network.

Drokbk activity has been attributed to the Iranian threat group that Secureworks tracks as Nemesis Kitten, which overlaps with the cluster listed above as APT35 and covered in Microsoft's reporting under the name PHOSPHORUS. The group is believed to use Drokbk in cyberespionage operations and in the theft of financial information.

References

2023-04-18 - Microsoft (Microsoft Threat Intelligence): "Nation-state threat actor PHOSPHORUS refines tradecraft to attack high-value targets"
2022-12-09 - Secureworks (Counter Threat Unit Research Team): "Drokbk Malware Uses GitHub as Dead Drop Resolver"
2022-03-09 - eSentire (Threat Response Unit (TRU)): "Exploitation of VMware Horizon Servers by TunnelVision Threat Actor"

There is no YARA signature yet.