SOFTWARE
SOFTWARE
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
MirageFox
MirageFox is a remote access tool used against Windows systems. It appears to be an upgraded version of a tool known as Mirage, which is a RAT believed to originate in 2012. [1]
ID: S0280
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 17 October 2018
Last Modified: 17 October 2018
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1059 | Command-Line Interface |
MirageFox has the capability to execute commands using cmd.exe.[1] |
| Enterprise | T1043 | Commonly Used Port | |
| Enterprise | T1140 | Deobfuscate/Decode Files or Information |
MirageFox has a function for decrypting data containing C2 configuration information.[1] |
| Enterprise | T1038 | DLL Search Order Hijacking |
MirageFox is likely loaded via DLL hijacking into a legitimate McAfee binary.[1] |
| Enterprise | T1082 | System Information Discovery |
MirageFox can collect CPU and architecture information from the victim’s machine.[1] |
| Enterprise | T1033 | System Owner/User Discovery |
MirageFox can gather the username from the victim’s machine.[1] |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0004 | Ke3chang | [1] |
References
×