Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols | |
Enterprise | T1105 | Ingress Tool Transfer |
CloudDuke downloads and executes additional malware from either a Web address or a Microsoft OneDrive account.[1] |
|
Enterprise | T1102 | .002 | Web Service: Bidirectional Communication |
One variant of CloudDuke uses a Microsoft OneDrive account to exchange commands and stolen data with its operators.[1] |
ID | Name | References |
---|---|---|
G0016 | APT29 |