GOGGLES (4bc55eb3-7c92-4668-a75a-d5e291387613)
A family of downloader malware that retrieves an encoded payload from a fixed location, usually in the form of a file with a .jpg extension. Some variants consist of a single .exe that acts as the downloader; others have an .exe launcher that runs as a service and then loads an associated .dll of the same name that acts as the downloader. This IOC targets the downloaders only. After downloading the file, the malware decodes the downloaded payload into an .exe file and launches it. The malware usually stages the files it uses in the %TEMP% directory or the %WINDIR%\Temp directory.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
GOGGLES (4bc55eb3-7c92-4668-a75a-d5e291387613) | Tool | Goggles (7d89e8dc-4999-47e9-b497-b476e368a8d2) | Malpedia | 1 |