Report an incident
Customer Portal
← Back to Labs
← Volver a Labs
High
APT, Campaign, Malware
Defense Evasion
EDR, Sysmon, Windows

The Dark Side of Windows Sandbox: A New Frontier for Stealthy Threats

MirrorFace, a Chinese advanced persistent threat (APT) under the APT10 umbrella, was observed to conceal malicious activities by exploiting the Windows Sandbox during a targeted attack on a European institution. Although designed to run risky applications in an isolated environment, attackers have used this tool to distribute malicious payloads, reducing the risk of detection and delaying countermeasures.

Download PDF

labs correlati

RedSun: Turning Microsoft Defender into a Path to SYSTEM-Level Privilege Escalation
Medium
Bypass
Privilege Escalation
Sysmon, Windows

RedSun: Turning Microsoft Defender into a Path to SYSTEM-Level Privilege Escalation

Learn more
BlueHammer windows Zero-Day
Medium
Bypass
Privilege Escalation
EDR, Sysmon, Windows

BlueHammer windows Zero-Day

Learn more
Weaponizing Windows Toast Notifications Abuse of ToastNotify.exe for Phishing and Credential Coercion
Medium
Bypass
Defense Evasion
EDR, Sysmon, Windows

Weaponizing Windows Toast Notifications: Abuse of ToastNotify.exe for Phishing and Credential Coercion

Learn more
1 2 3 12

Contacts

Get in touch with us

Contact Us
Sorint.SEC
Via dell'Artigianato,
24046 Osio Sotto BG
Italy


+39 035 0510401
info@sec.sorint.it
Pages
Services
Certifications
chevron-right