Phishing
Attackers have used dropbox.com to store malicious files and then share them with targets. Attackers can also have users redirected to malicious domains via links embedded in certain file types such as PDF.
Command and Control
Dropbox has been used by attackers as C&C servers. The open source tool DBC2 (DropBoxC2) can be used to utilize DropBox as a C&C server.
Exfiltration
dropbox.com can be used to store exfiltrated files on there.
Download
dropbox.com creates shared links for files which enables attackers to store tools there and download them when required.
Created: 2021-11-10
Last Update: 2021-11-10
Credits: mr.d0x, @EthanRobish