ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool GLASSES

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: GLASSES

NamesGLASSES
Wordpress Bruteforcer
CategoryMalware
TypeDownloader
Description(Citizen Lab) The dropped executable connects to a website and downloads a single HTML page. The site appears to be part of a legitimate website for an eyeglasses company, suggesting that it has been compromised.

The accessed page contains an anchor with an encoded command in it. The malware looks for the string in the anchor tag with the target NewRef, and then decodes it to a command. The link itself is empty, so that there is nothing to click on and it is invisible on the page. Another page on the same site, aboutus.htm, contains a different command although the URL is not apparently used by this binary.

Looking through the malware code, it is evident that this is a simple downloader with only two commands.
Information<https://citizenlab.ca/2013/02/apt1s-glasses-watching-a-human-rights-organization/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.glasses>

Last change to this tool card: 28 December 2022

Download this tool card in JSON format

Previous: GlanceLove
Next: GLASSTOKEN

All groups using tool GLASSES

ChangedNameCountryObserved

APT groups

 Comment Crew, APT 1China2006-May 2018X

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]