Flea APT

AttributeValue
NameFlea
AliasesAPT15
Backdoor Diplomacy
ke3chang
Nylon Typhoon (formerly Nickel)
Playful Taurus
Royal APT
Vixen Panda
TypeMalware
Country of OriginChina
State Sponsored[]Unknown [] Unconfirmed [x] Confirmed
Active Since2004
Discovered bySymantec
Target CountriesAmericas
Target OrganizationsVarious ministries of foreign affairs
Organization Size
First discovered
ToolsGraphican is said to be an evolution of a known Flea backdoor called Ketrican, features from which have since been merged with another implant known as Okrum to spawn a new malware dubbed Ketrum.

The backdoor, despite having the same functionality, stands apart from Ketrican for making use of Microsoft Graph API and OneDrive to obtain the details of command-and-control (C&C) server.
TacticGain persistent access to its target networks
TechniqueBackdoor
Proceduresbackdoor.Graphican, a third generation backdoor
Organizations AttackedForeign affairs ministries