GraphicalProton (f77398ad-e043-4694-ade0-d6ea16a994e7)
According to joint Cybersecurity Advisory AA23-347A (December 2023), GraphicalProton "is a simplistic backdoor that uses OneDrive, Dropbox, and randomly generated BMPs" to exchange data with its operators. During a 2023 campaign, authorities also observed an HTTPS variant of GraphicalProton that relies on HTTP requests instead of cloud-based services. [U.S. CISA SVR TeamCity Exploits December 2023]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| APT29 (4c3e48b9-4426-4271-a7af-c3dfad79f447) | Tidal Groups | GraphicalProton (f77398ad-e043-4694-ade0-d6ea16a994e7) | Tidal Software | 1 |