FaceXInjector (cbbba380-bf9d-4c3d-bda6-a808c4ad0113)
A C# injection tool stored in an XML file, used by the MirrorFace actor to execute their HiddenFace backdoor malware.[ESET MirrorFace March 18 2025]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
MirrorFace (a59f3dd2-7685-4442-894c-bbb068540321) | Tidal Groups | FaceXInjector (cbbba380-bf9d-4c3d-bda6-a808c4ad0113) | Tidal Software | 1 |