win.gdrive


aka: DoomDrive, GoogleDriveSucks

Actor(s): APT 29, APT29

According to Unit 42, this is a .NET x64 malware capable of interacting with Google Drive, which lets an attacker have victim information uploaded and payloads delivered through the service.

2023-03-27 | Google | Google Cybersecurity Action Team
Threat Horizons: April 2023 Threat Horizons Report
Tags: Gdrive, APT41

2022-07-19 | Palo Alto Networks Unit 42 | Mike Harbison, Peter Renals
Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive
Tags: Cobalt Strike, EnvyScout, Gdrive

2022-07-19 | R136a1 | Dominik Reichel
A look into APT29's new early-stage Google Drive downloader
Tags: BEATDROP, BOOMBOX, Gdrive, Unidentified 098 (APT29 Slack Downloader)

There is no YARA signature yet.