The Mirage Campaign
Common Information
Type Value
UUID 9d7cda78-fc54-442a-9eeb-35dd179cc44f
Fingerprint 24050d8b8172eec5
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 18, 2012, midnight
Added to db Dec. 18, 2024, 9:13 p.m.
Last updated Dec. 25, 2024, 11:26 a.m.
Headline The Mirage Campaign
Title The Mirage Campaign
Detected Hints/Tags/Attributes 76/2/96
Attributes
Details Type #Events CTI Value
Details Domain 2
dyndns.com
Details Domain 50
checkip.dyndns.org
Details Domain 1
adobesuit.com
Details Domain 1
antivirusbar.org
Details Domain 1
echosky.biz
Details Domain 1
india-videoer.com
Details Domain 2
asia-online.us
Details File 1200
svchost.exe
Details File 2
ernel32.dll
Details File 10
thumb.db
Details File 175
csrss.exe
Details File 16
reader_sl.exe
Details File 5
msn.exe
Details md5 1
ce1cdc9c95a6808945f54164b2e4d9d2
Details md5 1
1045e26819ff782015202838e2c609f7
Details md5 1
5efd0d7f52890291599c8562e8ea92db
Details md5 1
eacd03ee55ea7d22b45762c82ae1c0e5
Details md5 1
5326e4fe9fd10e37d46e81c0f6bbf29a
Details md5 1
b2e821828df59c734c1cc379ef7f3122
Details md5 1
875877eedcd9f2d60bf63937fe22073d
Details md5 1
02d77cdaa808ded64d09eea732a586cc
Details md5 1
18a5c6e92b962bc6512486db94bb17a7
Details md5 1
32b33321290ac8011aa218da554b8fa5
Details md5 1
f41896e9f77855842380fd9ed795bc64
Details md5 1
407c291cd5c73da680fa9af9ec017fff
Details md5 1
7adb0f22468c10901bd280b2d8a154b0
Details md5 1
abac650ab39c0dd074310710081d715d
Details md5 1
c9e49c504d5ca953c858d29b7a2acb9d
Details md5 1
aaa9aae486ee7342d29a0a2f9b0ca205
Details md5 1
7ad79f9a0efde6f4673585e400f29f18
Details md5 1
e29ab99be392bb7012f516a2dbfdc00c
Details md5 1
8caf2a96e4d7bb83156c260ccc8f47e7
Details md5 1
a4ff66224a0967763e1d079c99482577
Details md5 1
f0b93bf7273cbeaed69ed55b5169daf7
Details md5 1
3be6fea2bf35c3c3be860622c68ff369
Details md5 1
5fa26f410d0133f4152ea78df3978c22
Details md5 1
3d10e68dec16b1a4bf949e3e403f2dda
Details md5 1
5c371a6dfb45f188fe8e6da4fee9300d
Details md5 1
9ff3a9ef192453ecec26cf567c579bff
Details md5 1
65445b138d80954cc912a6e43fe5b66d
Details md5 1
685805936d8744225f8c11965202de8e
Details md5 1
80e978d0eea713812f1dd6b4e9b7daf2
Details md5 1
921c724ccb04b9f672b294ffff83ce7b
Details md5 1
072877b961e31e8792a296c63b9c7b56
Details md5 1
1a8bc862ceaa7e05189345065145842a
Details md5 1
6794cc6f5e463ee7432b9e718d8c1b8e
Details md5 1
fdb949112cc72c68fc7c1ea0c65344bc
Details md5 1
f4a6114fce22eb18b0ccf19cfa68ddba
Details md5 1
5640beb540bef2e97ec4366713d533b8
Details md5 1
0f93d28964b440c241ca126a7f94dae2
Details md5 1
075df4723073ff08cd3e90d2b1f11722
Details md5 1
240627a306f32483378e44ff13e12169
Details md5 1
5f2a4d865e6e94f7f15571faab5128d6
Details md5 1
f51fbafc652e10a9ce13795d4cb2d449
Details md5 1
a748ff9663b2d39a35e4c073b73cd7f6
Details md5 1
e7d5ac11903c0217a999a79bc87182d2
Details md5 1
1b918c8a40dc4a66430cfec7dabeb7f3
Details md5 1
c72d7794dc7f2eda6b44b934fe8fff1c
Details md5 1
ad2dda9241cd6c0e879ab665d77ce13c
Details md5 1
ccf34d2ba81de856af8167e73d0c8b69
Details md5 1
ebe7699033424b9ef444364bd23ba665
Details md5 1
7349c7908a672de885fdf9f9cc4547b5
Details md5 1
eacd14ce8414911546cb027a8cb2fecd
Details md5 1
4b9723a4060838114e53d1df3fa2537a
Details md5 1
070ef82a0bded089b6f996a392ca7b9a
Details md5 1
286f7b377f5d0ca3505ed1ba6601c947
Details md5 1
4d74a83e2f623f17e17eb95736dc587b
Details md5 1
a4b9bfc5aa5e37cc613112b9a9dcdb3e
Details md5 1
fb17ffc7495880a7c19df0ebe5c97ad7
Details md5 1
3bfa7b806ff540cc1c264ec75048fbc4
Details md5 1
05a02e08cce99d3821574d8612f757fd
Details md5 1
d60cfe03bce8647cce723991e2cd2f8c
Details md5 1
6ed270da7450945a3a5a05eda8312732
Details md5 1
a1083968b78c081135268b6e4e12b1e5
Details md5 1
0fce05e2cea6bd9c217373f2ab962d82
Details md5 1
85ef19fab3951d4dd56e42b5a9ccdeea
Details md5 1
422f1ffe7e5bda7062f005be92fba36e
Details md5 1
346aa61b5739e616482a1bc8bb548871
Details md5 1
c2661e45ec2198b04b29ec3fd1e120b2
Details md5 1
e04e5eb4aefeb326246d7f41d1b50759
Details md5 1
eb1aa241b4a482ac44b27ce38eabccb7
Details md5 1
418fb9ba2a61bccab3e54ebe0698c4b6
Details md5 1
590e68aaaa5c2353b7288f64cc87d9bb
Details md5 1
1f9894e730c0f5ba085baae409aa963a
Details md5 1
11b76423f450ba610f073e7522eeb56b
Details md5 1
54d37fb1f624c798f0b400b4f50f3635
Details md5 1
7fda0451e4d320cc34efcaaabedd6824
Details md5 1
84fc624f9f5f8de6980497058db1e8e1
Details md5 1
964eec615f977b05bc87943ce0942cf9
Details md5 1
5069057b799636c012eec38147fb96e6
Details md5 1
a4a1670c537861f7d5b0db115a7aa5fa
Details md5 1
00b9619613bc82f5fe117c2ca394a328
Details md5 1
2219bef789ff73efc0a01f87be03188d
Details Pdb 2
server.pdb
Details Pdb 1
miragefox_server.pdb
Details Yara rule 1
// Mirage_APT_Backdoor: string-based signature for the Mirage backdoor/RAT,
// tagged APT, Mirage, Backdoor, Rat and MirageRat.
// It matches when the URL-style pattern $c is present together with at least
// one of $a1, $a2 or $b. There is no file-type or file-size condition, so the
// rule is evaluated against whatever data is scanned.
// NOTE(review): $a2, $b and $c are short, generic strings, so a hit that rests
// on ($a2 or $b) and $c alone is a weak signal. Treat matches as triage leads
// and corroborate them with other indicators (file hashes, network
// indicators) before acting on them.
rule Mirage_APT_Backdoor : APT Mirage Backdoor Rat MirageRat {
	meta:
		// Metadata is informational only; it does not take part in matching.
		// NOTE(review): the address inside `author` appears to have been masked
		// by the hosting page's e-mail protection; take it from the original
		// publication rather than guessing it.
		author = "Silas Cutler ( [email protected] )"
		version = "1.0"
		description = "Malware related to APT campaign"
		type = "APT Trojan / RAT / Backdoor"
	strings:
		// No modifiers are given, so every text string below is matched as
		// case-sensitive ASCII; UTF-16 ("wide") copies are not matched.

		// Long, specific phrase: the least likely of the three alternatives to
		// occur in unrelated files.
		$a1 = "welcome to the desert of the real"
		// Six-character word with no `fullword` modifier, so it also matches
		// inside longer strings.
		$a2 = "Mirage"
		// Substring of ordinary HTTP headers such as "Accept-Encoding: gzip"
		// and "Content-Encoding: gzip", which are common in benign software.
		$b = "Encoding: gzip"
		// A "/" followed by zero or more ASCII letters and the literal
		// "?hl=en", e.g. "/search?hl=en" or "/?hl=en" (constructed samples).
		$c = /\/[A-Za-z]*\?hl=en/
	condition:
		// Equivalent to: $c and any of ($a1, $a2, $b).
		(($a1 or $a2) or $b) and $c
}