Threat Group Cards: A Threat Actor Encyclopedia

Tool: GOGGLES

Names: GOGGLES, TROJAN.FOXY
Category: Malware
Type: Downloader
Description: (Citizen Lab) a simple downloader that is controlled via encoded markers in files accessed over HTTP.

The C2 communication method, commands, and particularly the data encoding method in GOGGLES are very similar to the sample we analyzed. The connection was initially noticed due to a shared string used in decoding methods, and the presence of the same two commands for each program. Follow-up code analysis confirmed that these programs share much of the same code, and use the same C2 server. It is very likely that GOGGLES is a later version of GLASSES.
Information: <https://citizenlab.ca/2013/02/apt1s-glasses-watching-a-human-rights-organization/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.goggles>

Last change to this tool card: 23 April 2020

All groups using tool GOGGLES

APT groups

Changed | Name | Country | Observed
 | Comment Crew, APT 1 | China | 2006-May 2018 | X

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency