DRIGO

Description

(Trend Micro) PLEAD also uses the document-targeting exfiltration tool DRIGO, which mainly searches the infected machine for documents. Each copy of DRIGO contains a refresh token tied to specific Gmail accounts used by the attackers, which are in turn linked to a Google Drive account. The stolen files are uploaded to these Google Drives, where the attackers can harvest them.

Names

Name
DRIGO

Category

Malware

Type

  • Exfiltration

Information

AlienVault OTX

Other Information

UUID

d27ed600-5ef6-40f4-a5bb-46049a37c827

Last Card Change

2020-04-20