MirrorFace APT Using Custom Malware To Exploited Windows Sandbox & Visual Studio Code
Tags
cmtmf-attack-pattern: Command-Line Interface
country: Japan
attack-pattern: Data Command-Line Interface - T1605 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Scheduled Task - T1053.005 Command-Line Interface - T1059 Graphical User Interface - T1061 Powershell - T1086 Scheduled Task - T1053 Command-Line Interface Graphical User Interface
Show in Graph
Common Information
Type Value
UUID 2548f530-5174-4ca0-ac37-bfc1bebd524c
Fingerprint 149ecb3984273682
Analysis status DONE
Considered CTI value 1
Text language
Published March 12, 2025, 1:06 p.m.
Added to db March 12, 2025, 3:01 p.m.
Last updated March 20, 2025, 10:43 a.m.
Headline MirrorFace APT Using Custom Malware To Exploited Windows Sandbox & Visual Studio Code
Title MirrorFace APT Using Custom Malware To Exploited Windows Sandbox & Visual Studio Code
Detected Hints/Tags/Attributes 55/3/9
Source URLs
Redirection Url
Details Source https://gbhackers.com/mirrorface-apt-using-custom-malware-to-exploited/
URL Provider
Details Provider Source level domain
Details gbhackers.com gbhackers.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 125 GBHackers Security | #1 Globally Trusted Cyber Security News Platform https://gbhackers.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 1778 
any.run
Details File 1 
wsb.exe
Details File 1 
windowssandbox.exe
Details File 1 
windowssandboxclient.exe
Details File 1 
cmproxyd.exe
Details File 1 
windowssandboxserver.exe
Details File 1 
windowssandboxremotesession.exe
Details Microsoft Patch Numbers 4 
KB5044384
Details Threat Actor Identifier - APT 351 
APT10