MirrorFace Attack against Japanese Organisations

216.73.216.6

MirrorFace Attack against Japanese Organisations

· Published 02/08/2024 08:41 · Modified 02/08/2024 09:03

Essential information

Published: 02/08/2024 08:41
Modified: 02/08/2024 09:03
Tags: 2024-08-02 apt lodeinfo malware noopdoor ttp
Related entities: 1 vulnerabilities (cve), 27 observables, 1 intrusion sets (apt), 21 techniques (mitre), 2 malware

Description

The report provides in-depth details about the malware used by the threat actor MirrorFace in targeted attacks against Japanese organizations. It describes the NOOPDOOR malware's execution flow, obfuscation techniques, functionality, and the tactics, techniques, and procedures employed by the attackers. The report covers aspects such as initial access vectors, lateral movement, credential access, defense evasion techniques, and data exfiltration methods. The analysis aims to aid in detecting and mitigating these types of attacks.

External references

https://blogs.jpcert.or.jp/en/2024/07/mirrorface-attack-against-japanese-organisations.html
https://otx.alienvault.com/pulse/66ac9ba81220e9a190ea137f