GoGra, Grager, and MoonTag: The Rise of Cloud-Based Cyber Threats
Pulse by eric.ford, TLP:WHITE. Created 2024-08-12, modified 2024-09-11. 41 IOCs.
A recent Symantec blog post details how threat actors increasingly abuse legitimate cloud services, in particular the Microsoft Graph API (the OneDrive and Outlook endpoints) and Google Drive, for command and control (C2) and data exfiltration. The families tracked in this pulse (GoGra, Grager, MoonTag, Onedrivetools, BirdyClient and a gdrive client) all follow that pattern. Routing C2 through a trusted SaaS provider lets the malicious traffic blend in with an organization's ordinary cloud activity: it is TLS to well-known, high-reputation endpoints, so domain-reputation and IP-based blocking do not apply, and the attacker needs no infrastructure of their own. Detection therefore has to look at who is talking to these services (which process, account and host, and how often) rather than where the traffic goes. The two CVEs listed below are the Ivanti Connect Secure / Policy Secure vulnerabilities exploited in the wild in early 2024 (CVE-2024-21887, a command injection in the web component, and CVE-2024-21893, an SSRF in the SAML component); the remaining indicators are sample hashes and the delivery hosts for the malware above.
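As an added example (not code from the Symantec post or from this pulse), the script below does the two things a detection engineer would want from this page: it matches a subset of the indicator table against endpoint telemetry, and it flags the cloud-API C2 pattern the post describes by looking for processes that are not expected to talk to Microsoft Graph or Google Drive. The event format, the process allowlist and the sample telemetry are constructed assumptions; the hashes, URLs, domain and hostname are copied from the table below.

```python
"""IOC matcher for this pulse plus a "who talks to the cloud API" heuristic.
Added example; not the pulse's or Symantec's code. Log shape and process
allowlist are assumptions an organization would replace with its own."""
from dataclasses import dataclass
from urllib.parse import urlsplit

# Subset of indicators copied from the pulse table (enough to show matching).
PULSE_IOCS = {
    "FileHash-MD5": {"033248802a758936b51c7e4c6418e3a0", "b14ca5898a4e4133bbce2ea2315a1916"},
    "FileHash-SHA1": {"269ed1073328556d0be38b2fb5288e9be9e6c629"},
    "FileHash-SHA256": {
        "fd9fc13dbd39f920c52fbc917d6c9ce0a28e0d049812189f1bb887486caedbeb",
        "30093c2502fed7b2b74597d06b91f57772f2ae50ac420bcaa627038af33a6982",
    },
    "URL": {"http://7-zip.tw/a/7z2301-x64.msi", "http://7-zip.tw/a/7z2301.msi"},
    "domain": {"7-zip.tw"},
    "hostname": {"30sof.onedumb.com"},
}

# Hash type is recoverable from hex length, so an analyst can paste any digest.
HASH_TYPES = {32: "FileHash-MD5", 40: "FileHash-SHA1", 64: "FileHash-SHA256"}

# Legitimate cloud API endpoints the post says are abused for C2 / exfiltration.
CLOUD_API_HOSTS = {
    "graph.microsoft.com": "Microsoft Graph",
    "login.microsoftonline.com": "Microsoft identity (token endpoint)",
    "www.googleapis.com": "Google APIs (Drive)",
}

# Constructed, org-specific allowlist of processes expected to use those endpoints.
EXPECTED_CLOUD_PROCESSES = {"outlook.exe", "onedrive.exe", "teams.exe", "msedge.exe", "chrome.exe"}


@dataclass(frozen=True)
class Event:
    host: str         # workstation name
    process: str      # image name, lower-case
    url: str          # full URL contacted
    sha256: str = ""  # digest of the image, if the sensor records it


def match_hash(digest: str):
    """Return the IOC type a digest matches, or None (case-insensitive)."""
    digest = digest.strip().lower()
    kind = HASH_TYPES.get(len(digest))
    if kind and all(c in "0123456789abcdef" for c in digest) and digest in PULSE_IOCS[kind]:
        return kind
    return None


def match_host(hostname: str):
    """Hostname IOCs match exactly; domain IOCs also cover their subdomains."""
    hostname = hostname.lower().rstrip(".")
    if hostname in PULSE_IOCS["hostname"]:
        return "hostname"
    for dom in PULSE_IOCS["domain"]:
        if hostname == dom or hostname.endswith("." + dom):
            return "domain"
    return None


def match_url(url: str):
    """Full-URL hit first, otherwise fall back to the host part of the URL."""
    if url in PULSE_IOCS["URL"]:
        return "URL"
    return match_host(urlsplit(url).hostname or "")


def analyze(events):
    """Return (host, reason) findings: IOC hits and unexpected cloud-API clients."""
    findings = []
    for ev in events:
        if ev.sha256 and (kind := match_hash(ev.sha256)):
            findings.append((ev.host, f"{kind} IOC hit for {ev.process}"))
        if kind := match_url(ev.url):
            findings.append((ev.host, f"{kind} IOC hit: {ev.url}"))
        api_host = urlsplit(ev.url).hostname or ""
        if api_host in CLOUD_API_HOSTS and ev.process not in EXPECTED_CLOUD_PROCESSES:
            findings.append((ev.host, f"{ev.process} talking to {CLOUD_API_HOSTS[api_host]} ({api_host})"))
    return findings


# Constructed sample telemetry, not real logs.
SAMPLE_EVENTS = [
    Event("ws01", "msedge.exe", "http://7-zip.tw/a/7z2301-x64.msi"),
    Event("ws01", "updater.exe", "https://graph.microsoft.com/v1.0/me/drive/root/children",
          sha256="fd9fc13dbd39f920c52fbc917d6c9ce0a28e0d049812189f1bb887486caedbeb"),
    Event("ws02", "outlook.exe", "https://graph.microsoft.com/v1.0/me/messages"),
    Event("ws03", "svchost.exe", "https://www.googleapis.com/drive/v3/files"),
    Event("ws04", "chrome.exe", "http://30sof.onedumb.com/update"),
    Event("ws05", "chrome.exe", "http://www.7-zip.tw/"),
]

if __name__ == "__main__":
    for host, reason in analyze(SAMPLE_EVENTS):
        print(f"{host}: {reason}")
```

The allowlist heuristic is deliberately coarse: a real deployment would key on signed-publisher and per-account baselines rather than image names, because the whole point of these families is that their traffic is indistinguishable from Outlook or OneDrive at the network layer.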
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed
Malware families: Grager, GoGra, MoonTag, gdrive client, Onedrivetools, BirdyClient
Indicators of Compromise (41)
TYPE INDICATOR DESCRIPTION CREATED
CVE CVE-2024-21887 2024-08-12
CVE CVE-2024-21893 2024-08-12
FileHash-MD5 033248802a758936b51c7e4c6418e3a0 MD5 of fd9fc13dbd39f920c52fbc917d6c9ce0a28e0d049812189f1bb887486caedbeb 2024-08-12
FileHash-MD5 064168021533f29c21ebf25994bf9b64 MD5 of ab6a684146cec59ec3a906d9e018b318fb6452586e8ec8b4e37160bcb4adc985 2024-08-12
FileHash-MD5 1f38e3218443cba2994ba346fa339166 MD5 of f1ccd604fcdc0034d94e575b3709cd124e13389bbee55c59cbbf7d4f3476e214 2024-08-12
FileHash-MD5 48aff3b72162a1ec56017d8326982498 MD5 of 582b21409ee32ffca853064598c5f72309247ad58640e96287bb806af3e7bede 2024-08-12
FileHash-MD5 654d80592f17ef6c1980704f9be02864 MD5 of 97551bd3ff8357831dc2b6d9e152c8968d9ce1cd0090b9683c38ea52c2457824 2024-08-12
FileHash-MD5 70be0ebcdfb46a5317df95404b958462 MD5 of d728cdcf62b497362a1ba9dbaac5e442cebe86145734410212d323a6c2959f0f 2024-08-12
FileHash-MD5 71921e5fa86a398163e7801af479c819 MD5 of 527fada7052b955ffa91df3b376cc58d387b39f2f44ebdcb54bc134e112a1c14 2024-08-12
FileHash-MD5 7f352d63a24b3c281ee49de6c566d99a MD5 of a76507b51d84708c02ca2bd5a5775c47096bc740c9f7989afd6f34825edfcba6 2024-08-12
FileHash-MD5 8369c1c67b2694665b4289766328e0be MD5 of f69fb19604362c5e945d8671ce1f63bb1b819256f51568daff6fed6b5cc2f274 2024-08-12
FileHash-MD5 b14ca5898a4e4133bbce2ea2315a1916 2024-08-12
FileHash-MD5 f6beaeb79dbda516ce3d9b64f6abe83e MD5 of 79e56dc69ca59b99f7ebf90a863f5351570e3709ead07fe250f31349d43391e6 2024-08-12
FileHash-SHA1 269ed1073328556d0be38b2fb5288e9be9e6c629 SHA1 of fd9fc13dbd39f920c52fbc917d6c9ce0a28e0d049812189f1bb887486caedbeb 2024-08-12
FileHash-SHA1 2ef13ce1e86fbcfd29079c670a6bb1a9a34daca2 SHA1 of f1ccd604fcdc0034d94e575b3709cd124e13389bbee55c59cbbf7d4f3476e214 2024-08-12
FileHash-SHA1 3539bee7feb13fcda5be45dffc6da3e635a59d90 SHA1 of 97551bd3ff8357831dc2b6d9e152c8968d9ce1cd0090b9683c38ea52c2457824 2024-08-12
FileHash-SHA1 3c1951aa709a79ed0654daa679bc71eed4a32941 SHA1 of 527fada7052b955ffa91df3b376cc58d387b39f2f44ebdcb54bc134e112a1c14 2024-08-12
FileHash-SHA1 5210700004172eeb74655a62824f3bb6ab7667f5 SHA1 of ab6a684146cec59ec3a906d9e018b318fb6452586e8ec8b4e37160bcb4adc985 2024-08-12
FileHash-SHA1 7895a0007c030f37ae5f9185eeb05dde3248e8bd SHA1 of f69fb19604362c5e945d8671ce1f63bb1b819256f51568daff6fed6b5cc2f274 2024-08-12
FileHash-SHA1 88306961209d423c7b296b7dc469b186bbe3e178 SHA1 of d728cdcf62b497362a1ba9dbaac5e442cebe86145734410212d323a6c2959f0f 2024-08-12
FileHash-SHA1 96f6b9e1dff448ea78ac9d1d2a6d3ea968d27a1a SHA1 of 79e56dc69ca59b99f7ebf90a863f5351570e3709ead07fe250f31349d43391e6 2024-08-12
FileHash-SHA1 a63440c39358c94370fe171e7765a4fa4fef67d7 SHA1 of 582b21409ee32ffca853064598c5f72309247ad58640e96287bb806af3e7bede 2024-08-12
FileHash-SHA1 b956f5124f5df6522d00d5014ad9d84d3357546d SHA1 of a76507b51d84708c02ca2bd5a5775c47096bc740c9f7989afd6f34825edfcba6 2024-08-12
FileHash-SHA256 30093c2502fed7b2b74597d06b91f57772f2ae50ac420bcaa627038af33a6982 2024-08-12
FileHash-SHA256 4057534799993a63f41502ec98181db0898d1d82df0d7902424a1899f8f7f9d2 2024-08-12
FileHash-SHA256 45a5dd715dc5f08f3b987a0415c2e500c549508aadf4183fdb94f749af8f1d67 2024-08-12
FileHash-SHA256 527fada7052b955ffa91df3b376cc58d387b39f2f44ebdcb54bc134e112a1c14 2024-08-12
FileHash-SHA256 582b21409ee32ffca853064598c5f72309247ad58640e96287bb806af3e7bede 2024-08-12
FileHash-SHA256 79e56dc69ca59b99f7ebf90a863f5351570e3709ead07fe250f31349d43391e6 2024-08-12
FileHash-SHA256 97551bd3ff8357831dc2b6d9e152c8968d9ce1cd0090b9683c38ea52c2457824 2024-08-12
FileHash-SHA256 9f61ed14660d8f85d606605d1c4c23849bd7a05afd02444c3b33e3af591cfdc9 2024-08-12
FileHash-SHA256 a76507b51d84708c02ca2bd5a5775c47096bc740c9f7989afd6f34825edfcba6 2024-08-12
FileHash-SHA256 ab6a684146cec59ec3a906d9e018b318fb6452586e8ec8b4e37160bcb4adc985 2024-08-12
FileHash-SHA256 d728cdcf62b497362a1ba9dbaac5e442cebe86145734410212d323a6c2959f0f 2024-08-12
FileHash-SHA256 f1ccd604fcdc0034d94e575b3709cd124e13389bbee55c59cbbf7d4f3476e214 2024-08-12
FileHash-SHA256 f69fb19604362c5e945d8671ce1f63bb1b819256f51568daff6fed6b5cc2f274 2024-08-12
FileHash-SHA256 fd9fc13dbd39f920c52fbc917d6c9ce0a28e0d049812189f1bb887486caedbeb 2024-08-12
URL http://7-zip.tw/a/7z2301-x64.msi 2024-08-12
URL http://7-zip.tw/a/7z2301.msi 2024-08-12
domain 7-zip.tw 2024-08-12
hostname 30sof.onedumb.com 2024-08-12