SYMBOLCOMMON_NAMEaka. SYNONYMS
win.graphical_neutrino (Back to overview)

GraphicalNeutrino

Actor(s): APT29

This loader abuses the benign service Notion for data exchange.

References
2023-03-14BlackberryBlackBerry Research & Intelligence Team
@online{team:20230314:nobelium:f35029b, author = {BlackBerry Research & Intelligence Team}, title = {{NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine}}, date = {2023-03-14}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2023/03/nobelium-targets-eu-governments-assisting-ukraine}, language = {English}, urldate = {2023-03-14} } NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine
EnvyScout GraphicalNeutrino
2023-03-10MrtiepoloGianluca Tiepolo
@online{tiepolo:20230310:sophisticated:2892d3e, author = {Gianluca Tiepolo}, title = {{Sophisticated APT29 Campaign Abuses Notion API to Target the European Commission}}, date = {2023-03-10}, organization = {Mrtiepolo}, url = {https://mrtiepolo.medium.com/sophisticated-apt29-campaign-abuses-notion-api-to-target-the-european-commission-200188059f58}, language = {English}, urldate = {2023-03-14} } Sophisticated APT29 Campaign Abuses Notion API to Target the European Commission
BEATDROP EnvyScout GraphicalNeutrino tDiscoverer VaporRage
2023-01-26Recorded FutureInsikt Group
@techreport{group:20230126:bluebravo:9d6aa62, author = {Insikt Group}, title = {{BlueBravo Uses Ambassador Lure to Deploy GraphicalNeutrino Malware}}, date = {2023-01-26}, institution = {Recorded Future}, url = {https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf}, language = {English}, urldate = {2023-02-02} } BlueBravo Uses Ambassador Lure to Deploy GraphicalNeutrino Malware
GraphicalNeutrino APT29

There is no Yara-Signature yet.