Malware

Grager

Grager is a backdoor deployed against three organizations in Taiwan, Hong Kong, and Vietnam in April 2024. Analysis of this backdoor revealed that it uses the Graph API to communicate with a command and control (C&C) server hosted on Microsoft OneDrive. The backdoor decrypts a client ID and refresh token for OneDrive from a blob contained within its file body. It supports the following commands:

  • Retrieve machine information, including machine name, user, IP address, and machine architecture
  • Download or upload a file
  • Execute a file
  • Gather file system information, including available drives, their sizes, and types of drives

Family metadata imported from Malpedia (Fraunhofer FKIE).