Malware
TONERJAM
According to Symantec, Grager was deployed against three organizations in Taiwan, Hong Kong, and Vietnam in April 2024. Analysis of the backdoor revealed that it used the Graph API to communicate with a C&C server hosted on Microsoft OneDrive. Grager was downloaded from a typosquatted URL mimicking the open-source file archiver 7-Zip.
Family metadata imported from Malpedia (Fraunhofer FKIE).