MirrorFace Attack against Japanese Organisations
Aug. 2, 2024, 9:03 a.m.
Description
The report provides in-depth details about the malware used by the threat actor MirrorFace in targeted attacks against Japanese organizations. It describes the NOOPDOOR malware's execution flow, obfuscation techniques, functionality, and the tactics, techniques, and procedures employed by the attackers. The report covers aspects such as initial access vectors, lateral movement, credential access, defense evasion techniques, and data exfiltration methods. The analysis aims to aid in detecting and mitigating these types of attacks.
Date
Published: Aug. 2, 2024, 8:41 a.m.
Created: Aug. 2, 2024, 8:41 a.m.
Modified: Aug. 2, 2024, 9:03 a.m.
Indicators
https://blog.itochuci.co.jp/entry/2024/01/24/134047
blog.itochuci.co.jp
Attack Patterns
NOOPDOOR
LODEINFO
MirrorFace
T1134.002
T1127.001
T1568.002
T1562.004
T1021.002
T1039
T1543.003
T1070.001
T1053.005
T1560.001
T1087
T1070.006
T1070.004
T1562.001
T1564
T1083
T1055
T1140
T1112
T1133
T1003
CVE-2022-1388