APT / THREAT GROUP
GoGra
3
aliases
Last seen:Mar 17, 2026
Intelligence Profile
According to Symantec, a previously unseen backdoor that was deployed against a media organization in South Asia in November, 2023. GoGra is written in Go and uses the Microsoft Graph API to interact with a command-and-control (C&C) server hosted on Microsoft mail services.
Threat Analysis
GoGra is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning GoGra
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The Hacker News· Apr 22, 2026
New GoGra malware for Linux uses Microsoft Graph API for comms
BleepingComputer· Apr 22, 2026
External References
Quick Facts
TypeAPT / Threat Group
Aliases3
Also Known As
OnedrivetoolsGoGrawin.gogra
External Intelligence
Malpedia: win.gograResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.