ROAMINGHOUSE

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[ROAMINGHOUSE](https://attack.mitre.org/software/S9026) is a dropper malware used by [MirrorFace](https://attack.mitre.org/groups/G1054) to extract and execute embedded payloads including [UPPERCUT](https://attack.mitre.org/software/S0275) components.(Citation: Trend Micro Earth Kasha Updates APR 2025)

Associated Techniques (11)

ID	ATT&CK	Tactics
T1027.013	Encrypted/Encoded File	-
T1047	Windows Management Instrumentation	-
T1137.001	Office Template Macros	-
T1140	Deobfuscate/Decode Files or Information	-
T1204.001	Malicious Link	-
T1204.002	Malicious File	-
T1480	Execution Guardrails	-
T1497.002	User Activity Based Checks	-
T1518.001	Security Software Discovery	-
T1566.002	Spearphishing Link	-
T1574.001	DLL	-

Used by Actors (1)

MirrorFace
Unknown

Metadata

ID:	164163
Created:	28/04/2026 16:00
Updated:	10/05/2026 16:00