Difference between revisions of "Mirage"
m (1 revision imported) |
m (Text replacement - "=Unknown" to "=") |
||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
{{Botnet | {{Botnet | ||
|Introduction=* Related to: [[sibling::Lingbo]] (similar behaviour), [[ | |Introduction=* Related to: [[sibling::Lingbo]] (similar behaviour), [[sibling::Sin Digoo]] (same domain owners) | ||
|Alias=MirageFox | |||
|Sibling=Lingbo, Sin Digoo, | |||
|Target= | |||
|UserAgent=Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) | |||
|CCProtocol=HTTP | |||
|Status= | |||
|BeginYear= | |||
|EndYear= | |||
|Group=Spying | |||
|Fonctionnalités=* [[feature::Phone home]] (with system information) | |Fonctionnalités=* [[feature::Phone home]] (with system information) | ||
* [[feature::Dynamic DNS]] | * [[feature::Dynamic DNS]] | ||
|Infrastructure=* [[port::TCP/80]], [[port::TCP/443]], [[port::TCP/8080]] | |Infrastructure=* [[port::TCP/80]], [[port::TCP/443]], [[port::TCP/8080]] | ||
* Use of servers with [[related to::HTran]] to proxy the connections | * Use of servers with [[related to::HTran]] to proxy the connections | ||
|Language1=Chinese | |Language1=Chinese | ||
|Yara rules=<syntaxhighlight lang='perl'>rule Mirage_APT_Backdoor : APT Mirage Backdoor Rat MirageRat | |Yara rules=<syntaxhighlight lang='perl'>rule Mirage_APT_Backdoor : APT Mirage Backdoor Rat MirageRat | ||
{ | { |
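Review bot: the `|Sibling=` line ends with a trailing comma (`Lingbo, Sin Digoo,`). If the Botnet template splits this field on commas, that leaves an empty third entry, so drop the final comma. The Introduction line already names the same two siblings, Lingbo and Sin Digoo.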
Latest revision as of 15:44, 8 August 2015
Mirage | |
---|---|
Alias | MirageFox |
Group | Spying |
Parent | |
Sibling | Lingbo, Sin Digoo |
Family | |
Relations | Variants: Sibling of: |
Target | |
Origin | |
Distribution vector | |
UserAgent | Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) |
CCProtocol | HTTP (Centralized) |
Activity | / |
Status | |
Language | |
Programming language | |
Operation/Working group | |
Introduction
Features
Associated images
Checksums / AV databases
Publications
Title | Author | Editor | Year |
---|---|---|---|
The Mirage campaign | Silas Cutler | DELL SecureWorks | 2012 |