Skip to content

S0026 GLOOXMAIL

GLOOXMAIL is malware used by APT1 that mimics legitimate Jabber/XMPP traffic. 1

Item Value
ID S0026
Associated Names
Type MALWARE
Version 1.1
Created 31 May 2017
Last Modified 30 March 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1102 Web Service -
enterprise T1102.002 Bidirectional Communication GLOOXMAIL communicates to servers operated by Google using the Jabber/XMPP protocol.12

Groups That Use This Software

ID Name References
G0006 APT1 1

References

  1. Mandiant. (n.d.). APT1 Exposing One of China’s Cyber Espionage Units. Retrieved July 18, 2016. 

  2. CyberESI. (2011). TROJAN.GTALK. Retrieved June 29, 2015.