NOOPLDR - S9025 (66637cd6-ae68-4bcd-af82-32f70a854175)

NOOPLDR is a shellcode loader with XML/C# and DLL versions that has been used by MirrorFace to load HiddenFace. (Citation: Trend Micro Earth Kasha NOV 2024)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) | Attack Pattern | NOOPLDR - S9025 (66637cd6-ae68-4bcd-af82-32f70a854175) | Malware | 1 |
| NOOPLDR - S9025 (66637cd6-ae68-4bcd-af82-32f70a854175) | Malware | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 1 |
| Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | NOOPLDR - S9025 (66637cd6-ae68-4bcd-af82-32f70a854175) | Malware | 1 |
| Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) | Attack Pattern | NOOPLDR - S9025 (66637cd6-ae68-4bcd-af82-32f70a854175) | Malware | 1 |
| NOOPLDR - S9025 (66637cd6-ae68-4bcd-af82-32f70a854175) | Malware | DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) | Attack Pattern | 1 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) | Attack Pattern | NOOPLDR - S9025 (66637cd6-ae68-4bcd-af82-32f70a854175) | Malware | 1 |
| NOOPLDR - S9025 (66637cd6-ae68-4bcd-af82-32f70a854175) | Malware | Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | 1 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | NOOPLDR - S9025 (66637cd6-ae68-4bcd-af82-32f70a854175) | Malware | 1 |
| Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | NOOPLDR - S9025 (66637cd6-ae68-4bcd-af82-32f70a854175) | Malware | 1 |
| Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) | Attack Pattern | NOOPLDR - S9025 (66637cd6-ae68-4bcd-af82-32f70a854175) | Malware | 1 |
| NOOPLDR - S9025 (66637cd6-ae68-4bcd-af82-32f70a854175) | Malware | Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | 1 |
| Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) | Attack Pattern | Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | 2 |
| Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) | Attack Pattern | Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | 2 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) | Attack Pattern | 2 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | 2 |