GoldenEagle

Description

(Lookout) Among the aspects that make GoldenEagle particularly interesting is that the earliest test samples of this family appeared as early as 2012, making it one of the longest-running surveillanceware families we have observed to date. GoldenEagle code has been identified in an impressively large and diverse set of applications over the years. These samples can be divided into two major groups: those that exfiltrate data via HTTP and those that exfiltrate data via SMTP, i.e., by sending exfiltrated data in file attachments of emails to an attacker-controlled mailbox using innocuous-looking subjects and mail body content. The latter technique, while appearing in the early stages of GoldenEagle development, has resurfaced in samples signed and analysed in May 2020.

Names

Name
GoldenEagle

Type

Reconnaissance
Backdoor
Info stealer
Exfiltration

Information

https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf

Mitre Attack

https://attack.mitre.org/software/S0551/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/apk.goldeneagle

Alienvault Otx

https://otx.alienvault.com/browse/pulses?q=tag:GoldenEagle

Other Information

Uuid

b36d7de7-3c91-4019-96b1-196c144c1e9f

Last Card Change

2022-12-30

Threat Intelligence Garden

Explorer

GoldenEagle

GoldenEagle

Description

Names

Category

Type

Information

Mitre Attack

Malpedia

Alienvault Otx

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks