Symbol: win.graphican

Graphican

Actor(s): APT15


According to Symantec, Graphican is an evolution of the known APT15 backdoor Ketrican, which was itself based on an earlier malware family, BS2005, also used by APT15. Graphican has the same basic functionality as Ketrican; the difference between them is Graphican's use of the Microsoft Graph API and OneDrive to obtain its command-and-control (C&C) infrastructure.

References
2023-06-21, Symantec, Threat Hunter Team. Graphican: Flea Uses New Backdoor in Attacks Targeting Foreign Ministries. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/flea-backdoor-microsoft-graph-apt15 (accessed 2023-09-08)

There is no YARA signature yet.