MALWARE FAMILY
TONERJAM
Internal ID: win.tonerjam
Aliases: 1
Last seen: Mar 17, 2026
Intelligence Profile
According to Symantec, Grager was deployed against three organizations in Taiwan, Hong Kong, and Vietnam in April 2024. Analysis of the backdoor revealed that it used the Graph API to communicate with a C&C server hosted on Microsoft OneDrive. Grager was downloaded from a typosquatted URL mimicking the open-source file archiver 7-Zip.
Threat Analysis
TONERJAM is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.
External References
Quick Facts
Type: Malware Family
Aliases: 1
Also Known As
win.tonerjam
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.