PULSE NAME
GoGra, Grager, and MoonTag: The Rise of Cloud-Based Cyber Threats
WHITE eric.ford 2024-08-12 Modified: 2024-09-11
41 IOCs
MEDIUM VOLUME
A recent Symantec blog post details how malicious actors are increasingly abusing legitimate cloud services like Microsoft Graph API and Google Drive for command and control (C2) and data exfiltration. Abusing trusted cloud services lets attackers blend malicious traffic with legitimate activity, making detection harder. This trend highlights the need for advanced security strategies and vigilance to protect sensitive data from evolving cyber threats and enhance cyber resiliency.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Grager, GoGra, MoonTag, gdrive client, Onedrivetools, BirdyClient
Indicators of Compromise (2 / 41 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
URL | http://7-zip.tw/a/7z2301-x64.msi | | 2024-08-12
URL | http://7-zip.tw/a/7z2301.msi | | 2024-08-12