MirageFox

MirageFox is a remote access tool (RAT) used against Windows systems. It appears to be an upgraded version of a tool known as Mirage, a RAT believed to have originated in 2012. [1]

ID: S0280
Aliases: MirageFox
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

| Name | Description |
|---|---|
| MirageFox | [1] |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1059 | Command-Line Interface | MirageFox has the capability to execute commands using cmd.exe.[1] |
| Enterprise | T1043 | Commonly Used Port | MirageFox uses port 80 for C2.[1] |
| Enterprise | T1140 | Deobfuscate/Decode Files or Information | MirageFox has a function for decrypting data containing C2 configuration information.[1] |
| Enterprise | T1038 | DLL Search Order Hijacking | MirageFox is likely loaded via DLL hijacking into a legitimate McAfee binary.[1] |
| Enterprise | T1082 | System Information Discovery | MirageFox can collect CPU and architecture information from the victim’s machine.[1] |
| Enterprise | T1033 | System Owner/User Discovery | MirageFox can gather the username from the victim’s machine.[1] |

Groups

Groups that use this software:

Ke3chang

References