Graphiron
Description
(Symantec) Graphiron is a two-stage threat consisting of a downloader (Downloader.Graphiron) and a payload (Infostealer.Graphiron).
The payload is capable of carrying out the following tasks:
- Reads MachineGuid
- Obtains the IP address from https://checkip.amazonaws.com
- Retrieves the hostname, system info, and user info
- Steals data from Firefox and Thunderbird
- Steals private keys from MobaXTerm
- Steals SSH known hosts
- Steals data from PuTTY
- Steals stored passwords
- Takes screenshots
- Creates a directory
- Lists a directory
- Runs a shell command
- Steals an arbitrary file
Names
Name |
---|
Graphiron |
Category
Malware
Type
- Reconnaissance
- Backdoor
- Info stealer
- Credential stealer
Information
- https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer
Malpedia
Other Information
Uuid
6b99018f-62bf-4df9-9a0f-c6209ba5c734
Last Card Change
2023-06-22