Malware

Drokbk

Drokbk stands out for its use of the GitHub platform as part of its C&C infrastructure. This makes it difficult to detect and remove, as GitHub is not traditionally associated with malicious activities.

Drokbk attacks have been linked to the Iranian APT group Nemesis Kitten. This group is believed to use Drokbk for cyberespionage and the theft of financial information.


Family metadata imported from Malpedia (Fraunhofer FKIE).