GraphicalNeutrino

Description

(Recorded Future) GraphicalNeutrino acts as a loader with basic C2 functionality and implements numerous anti-analysis techniques including API unhooking, dynamically resolving APIs, string encryption, and sandbox evasion. It leverages Notion’s API for C2 communications and uses Notion’s database feature to store victim information and stage payloads for download.

Names

  • GraphicalNeutrino
  • SNOWYAMBER

Category

Malware

Type

  • Loader

Information

Malpedia

Other Information

UUID

a75363ed-ff52-4e01-86c1-603431252661

Last Card Change

2023-11-30