SYMBOLCOMMON_NAMEaka. SYNONYMS
win.mirrorblast (Back to overview)

MirrorBlast

Actor(s): TA505

According to Minerva Labs, MirrorBlast malware is a trojan that is known for attacking users’ browsers. It usually pretends to be a legitimate browser add-on however it has now evolved additional capabilities, whereby other malwares are installed simultaneously. Recently, this trojan is thought to have tentative links to TA505 and PYSA groups.

References
2021-10-19ProofpointZydeca Cass, Axel F, Crista Giering, Matthew Mesa, Georgi Mladenov, Brandon Murphy
@online{cass:20211019:whatta:4d969e1, author = {Zydeca Cass and Axel F and Crista Giering and Matthew Mesa and Georgi Mladenov and Brandon Murphy}, title = {{Whatta TA: TA505 Ramps Up Activity, Delivers New FlawedGrace Variant}}, date = {2021-10-19}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/whatta-ta-ta505-ramps-activity-delivers-new-flawedgrace-variant}, language = {English}, urldate = {2021-10-24} } Whatta TA: TA505 Ramps Up Activity, Delivers New FlawedGrace Variant
FlawedGrace MirrorBlast
2021-10-14MorphisecArnold Osipov
@online{osipov:20211014:explosive:d6c6eb7, author = {Arnold Osipov}, title = {{Explosive New MirrorBlast Campaign Targets Financial Companies}}, date = {2021-10-14}, organization = {Morphisec}, url = {https://blog.morphisec.com/explosive-new-mirrorblast-campaign-targets-financial-companies}, language = {English}, urldate = {2021-10-24} } Explosive New MirrorBlast Campaign Targets Financial Companies
MirrorBlast
2021-10-05FRSecureOscar Minks
@online{minks:20211005:rebol:53830a0, author = {Oscar Minks}, title = {{The REBOL Yell: A New Novel REBOL Exploit}}, date = {2021-10-05}, organization = {FRSecure}, url = {https://frsecure.com/blog/the-rebol-yell-new-rebol-exploit/}, language = {English}, urldate = {2021-10-14} } The REBOL Yell: A New Novel REBOL Exploit
MirrorBlast
2021-09-24ProofpointProofpoint
@online{proofpoint:20210924:daily:403b8bd, author = {Proofpoint}, title = {{Daily Ruleset Update Summary 2021/09/24}}, date = {2021-09-24}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/daily-ruleset-update-summary-20210924}, language = {English}, urldate = {2021-10-05} } Daily Ruleset Update Summary 2021/09/24
MirrorBlast
2021-09-19HPPatrick Schläpfer
@online{schlpfer:20210919:mirrorblast:a81e63c, author = {Patrick Schläpfer}, title = {{MirrorBlast and TA505: Examining Similarities in Tactics, Techniques and Procedures}}, date = {2021-09-19}, organization = {HP}, url = {https://threatresearch.ext.hp.com/mirrorblast-and-ta505-examining-similarities-in-tactics-techniques-and-procedures/}, language = {English}, urldate = {2021-10-24} } MirrorBlast and TA505: Examining Similarities in Tactics, Techniques and Procedures
MirrorBlast

There is no Yara-Signature yet.