graphican

Malware updated 4 months ago (2024-05-04T19:11:49.194Z)
Graphican is a novel malware developed by the Chinese threat actor group known as Flea, APT15, or Nickel. The malware, an evolution of the group's custom backdoor Ketrican, has been used in a series of cyber-attacks against foreign affairs ministries across Central and South America between late 2022 and early 2023. Unlike its predecessor, Graphican leverages the Microsoft Graph API and OneDrive to obtain its command-and-control (C&C) infrastructure details, a technique also employed by other threat groups such as APT28 and Bad Magic. The Graphican backdoor retains the same core functionality as Ketrican, but its use of Microsoft's services to retrieve C&C server details represents a significant upgrade. The malware can perform various operations based on commands received from the C&C server, including creating an interactive command line, creating files, downloading files, and creating processes with hidden windows. Its deployment continues a trend of state-sponsored cyber threats aimed at infiltrating and disrupting foreign governmental operations. The discovery and analysis of the Graphican malware were detailed by the Threat Hunter Team at Symantec. This finding underscores the persistent threat posed by state-sponsored actors like Flea, who have demonstrated their ability to evolve their techniques and tools over time. As a result, ongoing vigilance and proactive cybersecurity measures remain critical in countering such sophisticated threats.
Description last updated: 2024-05-04T16:40:59.574Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Ketrican | 2 | Ketrican is a type of malware, or malicious software, that was developed to exploit and damage computer systems. It's associated with the Ke3chang group and is known for its ability to infiltrate systems through suspicious downloads, emails, or websites. Once inside a system, Ketrican can steal pers
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Analyst Notes & Discussion
Associated Malware
ID | Type | Votes | Profile Description
BS2005 | Unspecified | 2 | BS2005 is a malicious software (malware) traditionally used by a cybercriminal group for harmful activities. The malware infiltrates systems via suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. BS2005, known as a backd
Associated Threat Actors
ID | Type | Votes | Profile Description
APT15 | Unspecified | 2 | APT15, also known as Vixen Panda, Nickel, Flea, KE3CHANG, Royal APT, and Playful Dragon, is a threat actor group suspected to be of Chinese origin. The group targets global sectors including trade, economic and financial, energy, and military, aligning with the interests of the Chinese government. I
Source Document References
Information about the Graphican malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | a year ago | My Tea's not cold : an overview of China's cyber threat – Global Security Mag Online
CERT-EU | a year ago | 'Earth Estries' Cyberespionage Group Targets Government, Tech Sectors
CERT-EU | a year ago | Industrial Organizations in Eastern Europe Targeted by Chinese Cyberspies
CERT-EU | a year ago | Novel Graphican backdoor leveraged in Chinese APT attacks against foreign ministries
CERT-EU | a year ago | Les dernières cyberattaques détectées | 27 juin 2023 (The latest detected cyberattacks | 27 June 2023)
CERT-EU | a year ago | Cyber security week in review: June 23, 2023
CERT-EU | a year ago | China-Linked APT15 Targets Foreign Ministries With 'Graphican' Backdoor
CERT-EU | a year ago | China-sponsored APT group targets government ministries in the Americas
DARKReading | a year ago | 20-Year-Old Chinese APT15 Finds New Life in Foreign Ministry Attacks
CERT-EU | a year ago | Chinese Hackers APT15 Use New Backdoor Malware to Target American Ministries
CERT-EU | a year ago | Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor
CERT-EU | a year ago | Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor – GIXtools
CERT-EU | a year ago | Flea APT's latest campaign targets foreign affairs ministries with new Graphican backdoor