EXPLORE
Sign In
← Back to Actors

MirrorFace

MirrorFaceEarth Kasha

[MirrorFace](https://attack.mitre.org/groups/G1054) is a People's Republic of China (PRC)-aligned cyberespionage actor believed to be a subgroup under the [menuPass](https://attack.mitre.org/groups/G0045) umbrella based on targeting, tools, and infrastructure overlaps. [MirrorFace](https://attack.mitre.org/groups/G1054) has been active since at least 2019, at first exclusively targeting Japanese organizations across the media, defense, diplomatic, financial, manufacturing, and academic sectors. Subsequent [MirrorFace](https://attack.mitre.org/groups/G1054) operations included targets in Centra...

43
Techniques
40
Covered
3
Gaps
93%
Coverage
Coverage40/43

GAPS (3)

T1048.002Exfiltration Over Asymmetric Encrypted Non-C2 ProtocolT1591Gather Victim Org InformationT1684.001Impersonation

COVERED (40)

T1003.001LSASS Memory111 det.T1003.002Security Account Manager48 det.T1003.003NTDS36 det.T1005Data from Local System47 det.T1007System Service Discovery14 det.T1016System Network Configuration Discovery37 det.T1018Remote System Discovery49 det.T1021.001Remote Desktop Protocol52 det.T1021.002SMB/Windows Admin Shares71 det.T1027.013Encrypted/Encoded File8 det.T1033System Owner/User Discovery59 det.T1036.008Masquerade File Type5 det.T1047Windows Management Instrumentation87 det.T1057Process Discovery20 det.T1059.003Windows Command Shell81 det.T1059.005Visual Basic68 det.T1070.004File Deletion42 det.T1071.002File Transfer Protocols1 det.T1074.002Remote Data Staging3 det.T1082System Information Discovery82 det.T1083File and Directory Discovery48 det.T1087.002Domain Account57 det.T1090Proxy44 det.T1114.001Local Email Collection11 det.T1190Exploit Public-Facing Application210 det.T1204.002Malicious File416 det.T1221Template Injection1 det.T1482Domain Trust Discovery40 det.T1553.002Code Signing3 det.T1556.002Password Filter DLL3 det.T1560.001Archive via Utility26 det.T1566.001Spearphishing Attachment886 det.T1566.002Spearphishing Link874 det.T1574.001DLL108 det.T1587.001Malware10 det.T1588.002Tool13 det.T1614.001System Language Discovery2 det.T1685Disable or Modify Tools159 det.T1685.005Clear Windows Event Logs6 det.T1686.003Windows Host Firewall20 det.