MALWARE FAMILY
GRAPELOADER
Internal ID: win.grapeloader
1
aliases
Last seen:Mar 17, 2026
Intelligence Profile
According to Checkpoint Research, GRAPELOADER is a newly observed initial-stage tool used for fingerprinting, persistence, and payload delivery. Despite differing roles, it shares similarities in code structure, obfuscation, and string decryption with WINELOADER. GRAPELOADER refines WINELOADER’s anti-analysis techniques while introducing more advanced stealth methods.
Threat Analysis
GRAPELOADER is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.
External References
Quick Facts
TypeMalware Family
Aliases1
Also Known As
win.grapeloader
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.