Graphon Backdoor

By GoldSparrow in Backdoors

Translate To:

The Graphon Backdoor is a custom-built backdoor threat that is being deployed as part of the threatening activities of a newly discovered APT (Advanced Persistent Threat) group named Harvester. The hackers appear to be focused on conducting espionage attack campaigns against targets located in South Asia, in Afghanistan specifically. The detected victims operate in several different sectors, including IT, government and telecommunication. For now, it is not immediately clear which nation-state is backing Harvester's threatening activities.

Graphon Details

The Graphon Backdoor is delivered to the compromised systems by another custom-built threat that acts as a downloader. The backdoor is compiled as .NET PE DLL file. The corrupted file is dropped in the following location:

D:\OfficeProjects\Updated Working Due to Submission\4.5\Outlook_4.5\Outlook 4.5.2 32 bit New without presistancy\NPServices\bin\x86\Debug\NPServices[.]pdb

Graphon tries to establish a connection with its Command-and-Control (C2, C&C) servers. The hackers host the backdoor's C2 infrastructure on Microsoft infrastructure to mask the suspicious outbound traffic. When fully deployed, Graphon will start obtaining specific data, which is then encrypted and exfiltrated to the attacker's servers.

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Graphon Backdoor

Graphon Details

Submit Comment

Trending

Safe Search Eng

Findtheirreport.com

MarioLocker Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen