Difference between revisions of "Mirage"
Jump to navigation
Jump to search
m (1 revision imported) |
|||
| Line 1: | Line 1: | ||
{{Botnet | {{Botnet | ||
|Introduction=* Related to: [[sibling::Lingbo]] (similar behaviour), [[ | |Introduction=* Related to: [[sibling::Lingbo]] (similar behaviour), [[sibling::Sin Digoo]] (same domain owners) | ||
| | |Alias=MirageFox | ||
|Sibling=Lingbo, Sin Digoo, | |||
| | |Target=Unknown | ||
|UserAgent=Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) | |UserAgent=Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) | ||
|CCProtocol=HTTP | |CCProtocol=HTTP | ||
|Status=Unknown | |Status=Unknown | ||
|BeginYear=Unknown | |BeginYear=Unknown | ||
|EndYear=Unknown | |EndYear=Unknown | ||
|Group=Spying | |Group=Spying | ||
| | |Fonctionnalités=* [[feature::Phone home]] (with system information) | ||
* [[feature::Dynamic DNS]] | |||
|Infrastructure=* [[port::TCP/80]], [[port::TCP/443]], [[port::TCP/8080]] | |||
* Use of servers with [[related to::HTran]] to proxy the connections | |||
|Language1=Chinese | |||
|Yara rules=<syntaxhighlight lang='perl'>rule Mirage_APT_Backdoor : APT Mirage Backdoor Rat MirageRat | |Yara rules=<syntaxhighlight lang='perl'>rule Mirage_APT_Backdoor : APT Mirage Backdoor Rat MirageRat | ||
{ | { | ||
Revision as of 17:52, 31 July 2015
(Botnet) Link to the old Wiki page : [1] / Google search: [2]
| Mirage | |
|---|---|
| Alias | MirageFox |
| Group | Spying |
| Parent | |
| Sibling | Lingbo, Sin Digoo |
| Family | |
| Relations | Variants: Sibling of: |
| Target | Unknown |
| Origin | |
| Distribution vector | |
| UserAgent | Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) |
| CCProtocol | HTTP (Centralized) |
| Activity | Unknown / Unknown |
| Status | Unknown |
| Language | |
| Programming language | |
| Operation/Working group | |
Introduction
Features
Associated images
Checksums / AV databases
Publications
| Author | Editor | Year | |
|---|---|---|---|
| The Mirage campaign | Silas Cutler | DELL SecureWorks | 2012 |