Threat Group Cards: A Threat Actor Encyclopedia

Archived: 2026-04-05 22:03:12 UTC

Tool: GOGGLES

Names: GOGGLES, TROJAN.FOXY
Category: Malware
Type: Downloader

Description: (Citizen Lab) a simple downloader that is controlled via encoded markers in files accessed over HTTP. The C2 communication method, commands, and particularly the data encoding method in GOGGLES are very similar to the sample we analyzed. The connection was initially noticed due to a shared string used in decoding methods, and the presence of the same two commands for each program. Follow-up code analysis confirmed that these programs share much of the same code, and use the same C2 server. It is very likely that GOGGLES is a later version of GLASSES.

Information: Malpedia

Last change to this tool card: 23 April 2020

All groups using tool GOGGLES

| Changed | Name | Country | Observed |
|---|---|---|---|
| | Comment Crew, APT 1 | | 2006-May 2018 |

1 group listed (1 APT, 0 other, 0 unknown)

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b895fdbf-6989-4e6d-995a-01f508738cfb