GLOOXMAIL

Description

GLOOXMAIL communicates with Google’s Jabber/XMPP servers and authenticates with a hard-coded username and password. The malware can accept commands over XMPP that include uploading and downloading files, providing a remote shell, sending process listings, and terminating specified processes. The malware makes extensive use of the open source gloox library (http://camaya.net/gloox/, version 0.9.9.12) to communicate using the Jabber/XMPP protocol. All communications with the Google XMPP server are encrypted.

Names

Name
GLOOXMAIL
Trojan.GTALK

Category

Malware

Type

  • Reconnaissance
  • Backdoor
  • Info stealer
  • Exfiltration

Information

Mitre Attack

Malpedia

Other Information

Uuid

54d56c5b-b85c-49b4-90de-91a60cb9041a

Last Card Change

2020-04-23