MirageFox
MirageFox is a remote access tool used against Windows systems. It appears to be an upgraded version of a tool known as Mirage, which is a RAT believed to originate in 2012. [1]
ID: S0280
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 17 October 2018
Last Modified: 30 March 2020
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | MirageFox has the capability to execute commands using cmd.exe.[1] |
Enterprise | T1140 | Deobfuscate/Decode Files or Information | MirageFox has a function for decrypting data containing C2 configuration information.[1] |
Enterprise | T1574.001 | Hijack Execution Flow: DLL Search Order Hijacking | MirageFox is likely loaded via DLL hijacking into a legitimate McAfee binary.[1] |
Enterprise | T1082 | System Information Discovery | MirageFox can collect CPU and architecture information from the victim’s machine.[1] |
Enterprise | T1033 | System Owner/User Discovery | MirageFox can gather the username from the victim’s machine.[1] |
Groups That Use This Software
ID | Name | References |
---|---|---|
G0004 | Ke3chang | |
References