Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
MirageFox has the capability to execute commands using cmd.exe.[1] |
Enterprise | T1140 | Deobfuscate/Decode Files or Information |
MirageFox has a function for decrypting data containing C2 configuration information.[1] |
|
Enterprise | T1574 | .001 | Hijack Execution Flow: DLL Search Order Hijacking |
MirageFox is likely loaded via DLL hijacking into a legitimate McAfee binary.[1] |
Enterprise | T1082 | System Information Discovery |
MirageFox can collect CPU and architecture information from the victim’s machine.[1] |
|
Enterprise | T1033 | System Owner/User Discovery |
MirageFox can gather the username from the victim’s machine.[1] |