ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

Tool: MirrorStealer

Names: MirrorStealer
Category: Malware
Type: Credential stealer
Description: (ESET) MirrorStealer, internally named 31558_n.dll by MirrorFace, is a credential stealer. To the best of our knowledge, this malware has not been publicly described. In general, MirrorStealer steals credentials from various applications such as browsers and email clients. Interestingly, one of the targeted applications is Becky!, an email client that is currently only available in Japan. All the stolen credentials are stored in %TEMP%\31558.txt and since MirrorStealer doesn’t have the capability to exfiltrate the stolen data, it depends on other malware to do it.
Information: <https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese-political-entities/>

Last change to this tool card: 27 December 2022


All groups using tool MirrorStealer

APT groups

Changed | Name | Country | Observed
- | Operation LiberalFace, MirrorFace | China | 2022

1 group listed (1 APT, 0 other, 0 unknown)
