win.gdrive

Gdrive

aka: DoomDrive, GoogleDriveSucks

Actor(s): APT29 (also written APT 29)


According to Unit 42, Gdrive is a .NET x64 malware that interacts with Google Drive, which lets the attacker have information collected from the victim uploaded to a Drive location and further payloads delivered to the host through the same service.
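The defining trait above is that both exfiltration and payload delivery ride on a legitimate cloud API, so network detection has to reason about who is talking to Google Drive rather than whether Drive is reached at all. The following detection heuristic is an added example written for this page; it is not code from the page, from Unit 42, or from the malware, and it makes up its own inputs: a constructed proxy-log format (pipe-separated fields), constructed sample lines, and the assumption that a Drive API call from a User-Agent that does not identify a browser is worth flagging. The Drive v3 endpoints used (`/upload/drive/v3/files` for uploads, `/drive/v3/files/{id}?alt=media` for content downloads) are the public API paths; nothing here claims they are the exact URLs the Gdrive samples use.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Optional
from urllib.parse import urlsplit

# Constructed sample proxy log, NOT taken from the page or its references.
# Assumed format: timestamp|client_ip|method|url|user_agent|bytes_out|bytes_in
# A "-" user agent means the client sent none.
SAMPLE_LOG = """\
2022-07-19T09:01:02Z|10.0.0.21|GET|https://www.google.com/search?q=drive|Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/103.0|512|48000
2022-07-19T09:01:10Z|10.0.0.21|POST|https://oauth2.googleapis.com/token|-|640|1200
2022-07-19T09:01:11Z|10.0.0.21|POST|https://www.googleapis.com/upload/drive/v3/files?uploadType=multipart|-|20480|900
2022-07-19T09:01:40Z|10.0.0.21|GET|https://www.googleapis.com/drive/v3/files/1AbC_dEf-xyz?alt=media|-|300|245760
2022-07-19T09:02:05Z|10.0.0.33|GET|https://www.googleapis.com/drive/v3/files?q=trashed%3Dfalse|Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/103.0|700|4000
2022-07-19T09:03:00Z|10.0.0.44|GET|https://example.org/index.html|curl/7.83.1|200|1500
"""

# Google Drive REST API host and the v2/v3 "files" resource paths.
DRIVE_HOSTS = {"www.googleapis.com"}
DRIVE_PATH = re.compile(r"^/(upload/)?drive/v[23]/files(/|$)")


@dataclass
class Event:
    ts: str
    client: str
    method: str
    url: str
    ua: str
    bytes_out: int
    bytes_in: int


def parse_line(line: str) -> Event:
    """Split one constructed log line into an Event; '-' becomes an empty UA."""
    ts, client, method, url, ua, out_b, in_b = line.split("|")
    return Event(ts, client, method, url, "" if ua == "-" else ua, int(out_b), int(in_b))


def drive_action(ev: Event) -> Optional[str]:
    """Classify a request as a Drive 'upload', 'download' or 'list', or None if not Drive."""
    parts = urlsplit(ev.url)
    if parts.hostname not in DRIVE_HOSTS or not DRIVE_PATH.match(parts.path):
        return None
    if parts.path.startswith("/upload/"):
        return "upload"          # content upload endpoint: exfiltration direction
    if "alt=media" in parts.query:
        return "download"        # file-content fetch: payload delivery direction
    return "list"                # metadata/listing call


def is_browser_ua(ua: str) -> bool:
    """Assumption: a benign interactive Drive user arrives via a browser UA."""
    return ua.startswith("Mozilla/")


def find_suspicious(log_text: str) -> Dict[str, dict]:
    """Per client, count Drive API calls made without a browser User-Agent.

    A client that both uploads to and downloads from Drive over a non-browser
    channel matches the upload-victim-data / deliver-payload pattern described
    for this family, and is marked 'bidirectional'.
    """
    per_client: Dict[str, dict] = defaultdict(
        lambda: {"upload": 0, "download": 0, "list": 0, "bytes_out": 0, "bytes_in": 0}
    )
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        action = drive_action(ev)
        if action is None or is_browser_ua(ev.ua):
            continue
        stats = per_client[ev.client]
        stats[action] += 1
        stats["bytes_out"] += ev.bytes_out
        stats["bytes_in"] += ev.bytes_in
    for stats in per_client.values():
        stats["bidirectional"] = stats["upload"] > 0 and stats["download"] > 0
    return dict(per_client)


if __name__ == "__main__":
    for client, stats in find_suspicious(SAMPLE_LOG).items():
        print(client, stats)
```

On the constructed log only 10.0.0.21 is reported: it uploads about 20 KB and then pulls back roughly 240 KB from Drive with no User-Agent, while 10.0.0.33 uses Drive from a browser and 10.0.0.44 never touches the API. In a real deployment the UA test is the weak point (a loader can set any header), so the byte counts and the upload-then-download ordering are what should feed a scoring rule, and the OAuth token request to oauth2.googleapis.com that precedes the Drive calls is a useful pivot for the same client.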

References

2023-03-27, Google Cybersecurity Action Team (Google): Threat Horizons: April 2023 Threat Horizons Report
URL: https://services.google.com/fh/files/blogs/gcat_threathorizons_full_apr2023.pdf (accessed 2023-04-22)
BibTeX: @techreport{team:20230327:threat:4aae33b, author = {Google Cybersecurity Action Team}, title = {{Threat Horizons: April 2023 Threat Horizons Report}}, date = {2023-03-27}, institution = {Google}, url = {https://services.google.com/fh/files/blogs/gcat_threathorizons_full_apr2023.pdf}, language = {English}, urldate = {2023-04-22} }
Also referenced: Gdrive, APT41

2022-07-19, Dominik Reichel (R136a1): A look into APT29's new early-stage Google Drive downloader
URL: https://r136a1.info/2022/07/19/a-look-into-apt29s-new-early-stage-google-drive-downloader/ (accessed 2022-10-19)
BibTeX: @online{reichel:20220719:look:84e1e01, author = {Dominik Reichel}, title = {{A look into APT29's new early-stage Google Drive downloader}}, date = {2022-07-19}, organization = {R136a1}, url = {https://r136a1.info/2022/07/19/a-look-into-apt29s-new-early-stage-google-drive-downloader/}, language = {English}, urldate = {2022-10-19} }
Also referenced: BEATDROP, BOOMBOX, Gdrive, Unidentified 098 (APT29 Slack Downloader)

2022-07-19, Mike Harbison and Peter Renals (Palo Alto Networks Unit 42): Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive
URL: https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/ (accessed 2022-07-19)
BibTeX: @online{harbison:20220719:russian:acbf388, author = {Mike Harbison and Peter Renals}, title = {{Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive}}, date = {2022-07-19}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/}, language = {English}, urldate = {2022-07-19} }
Also referenced: Cobalt Strike, EnvyScout, Gdrive

There is no YARA signature yet.