MirrorFace

MISP
Type:
Unknown
Country:
CN
First seen:
Unknown
Details:

[MirrorFace](https://attack.mitre.org/groups/G1054) is a People's Republic of China (PRC)-aligned cyberespionage actor believed to be a subgroup under the [menuPass](https://attack.mitre.org/groups/G0045) umbrella based on targeting, tools, and infrastructure overlaps. [MirrorFace](https://attack.mitre.org/groups/G1054) has been active since at least 2019, at first exclusively targeting Japanese organizations across the media, defense, diplomatic, financial, manufacturing, and academic sectors. Subsequent [MirrorFace](https://attack.mitre.org/groups/G1054) operations included targets in Central Europe and featured use of [LODEINFO](https://attack.mitre.org/software/S9020), [HiddenFace](https://attack.mitre.org/software/S9023), and [UPPERCUT](https://attack.mitre.org/software/S0275) malware.(Citation: Kaspersky LODEINFO OCT 2022)(Citation: Kaspersky LODEINFO Part II OCT 2022)(Citation: ESET MirrorFace DEC 2022)(Citation: JPCERT MirrorFace JUL 2024)(Citation: Trend Micro Earth Kasha NOV 2024)(Citation: Trend Micro Earth Kasha Updates APR 2025)

MITRE ATT&CK: View on MITRE
Techniques Used (43)
ID ATT&CK Tactics
T1003.001 LSASS Memory -
T1003.002 Security Account Manager -
T1003.003 NTDS -
T1005 Data from Local System -
T1007 System Service Discovery -
T1016 System Network Configuration Discovery -
T1018 Remote System Discovery -
T1021.001 Remote Desktop Protocol -
T1021.002 SMB/Windows Admin Shares -
T1027.013 Encrypted/Encoded File -
T1033 System Owner/User Discovery -
T1036.008 Masquerade File Type -
T1047 Windows Management Instrumentation -
T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol -
T1057 Process Discovery -
References (5)
Aliases (223)
Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha Earth Kasha
Related Malware (16)
BITSAdmin
tool
Cobalt Strike
other
DOWNIISSA
other
HiddenFace
other
ipconfig
tool
LODEINFO
other
MirrorStealer
other
nbtstat
tool
Net
tool
Nltest
tool
Metadata
ID: 507
Created: 13/01/2026 17:48
Updated: 01/05/2026 16:00