GOGGLES

Description

(Citizen Lab) A simple downloader that is controlled via encoded markers in files accessed over HTTP.

The C2 communication method, commands, and particularly the data encoding method in GOGGLES are very similar to the sample we analyzed. The connection was initially noticed due to a shared string used in decoding methods, and the presence of the same two commands for each program. Follow-up code analysis confirmed that these programs share much of the same code, and use the same C2 server. It is very likely that GOGGLES is a later version of GLASSES.

Names

  • GOGGLES
  • TROJAN.FOXY

Category

Malware

Type

  • Downloader

Information

Malpedia

Other Information

Uuid

b895fdbf-6989-4e6d-995a-01f508738cfb

Last Card Change

2020-04-23