APT / THREAT GROUP
GraphDrop
4
aliases
Last seen:Mar 17, 2026
Intelligence Profile
PANW Unit 42 describes this malware as capable of up and downloading files as well as loading additional shellcode payloads into selected target processes. It uses the Microsoft Graph API and Dropbox API as C&C channel.
Threat Analysis
GraphDrop is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
External References
Quick Facts
TypeAPT / Threat Group
Aliases4
Also Known As
GraphDropSPICYBEATGraphicalProtonwin.graphdrop
External Intelligence
Malpedia: win.graphdropResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.