GraphicalProton

Description

(Recorded Future) GraphicalProton acts as a loader and, much like previously described samples of GraphicalNeutrino, is staged within an ISO or ZIP file and relies on the newly identified compromised domains for delivery to targeted hosts. Unlike GraphicalNeutrino, which employed note-taking web application Notion for C2, the newly identified GraphicalProton sample uses Microsoft’s OneDrive for C2 communication.

Names

  • GraphicalProton
  • GraphDrop
  • SPICYBEAT

Category

Malware

Type

  • Loader

Information

Malpedia

Other Information

Uuid

4ae4f2d3-f7d7-4585-b5a0-41d7991f99ea

Last Card Change

2023-11-30