GLASSES

Description

(Citizen Lab) The dropped executable connects to a website and downloads a single HTML page. The site appears to be part of a legitimate website for an eyeglasses company, suggesting that it has been compromised.

The accessed page contains an anchor with an encoded command in it. The malware looks for the string in the anchor tag with the target NewRef, and then decodes it to a command. The link itself is empty, so that there is nothing to click on and it is invisible on the page. Another page on the same site, aboutus.htm, contains a different command although the URL is not apparently used by this binary.

Looking through the malware code, it is evident that this is a simple downloader with only two commands.

Names

Name
GLASSES
Wordpress Bruteforcer

Type

Downloader

Information

https://citizenlab.ca/2013/02/apt1s-glasses-watching-a-human-rights-organization/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.glasses

Other Information

Uuid

36aef054-c9d1-43e1-bdcd-973f18961dda

Last Card Change

2022-12-28

Threat Intelligence Garden

Explorer

GLASSES

GLASSES

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks