mirage malware siddartha eleti clemson university

Upload: leticia-slate

Post on 22-Dec-2015

TRANSCRIPT

  • Slide 1
  • Slide 2
  • MIRAGE MALWARE SIDDARTHA ELETI CLEMSON UNIVERSITY
  • Slide 3
  • CONTENTS: 1. WHAT IS MALWARE 2. WHAT IS MIRAGE 3. HOW DOES MIRAGE WORK 4. CONCLUSION
  • Slide 4
  • WHAT IS MALWARE? Malware is a malicious program that is meant to disrupt computer operations, gather sensitive information, or gain access to private computer systems. Malware can take the form of code, scripts, active content, and so on. Over the past few decades many malware families such as Stuxnet, Nimda and MyDoom have affected organizations and personal computers, and this year, among many others, it is Mirage.
  • Slide 5
  • WHAT IS MIRAGE? Mirage is malware that has operated under the radar since April 2012. Dell SecureWorks has been tracking a cyber espionage campaign that uses a remote access Trojan (RAT) named Mirage (also known as MirageFox).
  • Slide 6
  • HOW DOES MIRAGE WORK?
  • Slide 7
  • SPEAR-PHISHING Mirage was intended to attack individuals at big oil and energy companies, so it uses a technique called spear-phishing. Spear-phishing is the process of acquiring sensitive information from specific individuals or an organization by masquerading as a trustworthy entity. In this scenario, the attackers gather personal information about the targets to increase their probability of success.
  • Slide 8
  • INSTALLATION The spear-phishing emails contain an attachment that includes a malicious payload which installs a copy of Mirage on the computer. The attachments are stand-alone executable files that open an embedded PDF and execute the Mirage Trojan in the background. Mirage installs itself into C:\Windows or the user's home directory. It also creates a backdoor which waits for instructions from the attacker. Mirage creates registry keys on every boot so that the system remains infected.
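  The installation slide names two install locations (C:\Windows or the user's home directory) and registry keys as the persistence mechanism. The script below is an added example, not code from the presentation or from SecureWorks: it parses text in the shape of Windows `reg query` output for the Run keys and flags entries whose executable sits directly under C:\Windows or in the root of a user profile. The sample registry text, the entry names and the paths are constructed, the environment-variable table is a minimal assumption, and the heuristic deliberately ignores AppData subfolders because legitimate per-user software lives there.

```python
"""Triage Windows autorun (Run-key) entries for the install locations slide 8
attributes to Mirage: the C:\\Windows directory itself or a user's home
directory. Added example, not code from the presentation or from SecureWorks.
Input is constructed text in the shape of `reg query` output; every entry
name and path in it is made up."""
import re
from pathlib import PureWindowsPath
from typing import Optional

# Constructed sample in the layout `reg query <key>` prints: a key line,
# then indented "<name>    <type>    <data>" lines. Not real telemetry.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    svchost_update    REG_SZ    C:\Windows\svchost_update.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    reader    REG_SZ    "C:\Users\alice\reader.exe" -s
"""

ENTRY_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")
# Minimal expansion for environment variables commonly seen in Run data
# (assumes C: is the system drive).
ENV = {"%windir%": r"C:\Windows", "%systemroot%": r"C:\Windows"}


def executable_path(data: str) -> PureWindowsPath:
    """Extract the image path from a Run value's command line: a quoted path
    is taken whole, otherwise the first whitespace-delimited token."""
    for var, val in ENV.items():
        data = re.sub(re.escape(var), lambda _m, v=val: v, data, flags=re.IGNORECASE)
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        image = data[1:end] if end > 0 else data[1:]
    else:
        image = data.split()[0] if data else ""
    return PureWindowsPath(image)


def classify(path: PureWindowsPath) -> Optional[str]:
    """Reason string if the image sits where slide 8 says Mirage installs
    itself, else None. AppData subfolders are left alone on purpose."""
    parts = [p.lower() for p in path.parts]
    if len(parts) == 3 and parts[0] == "c:\\" and parts[1] == "windows":
        return "image directly under C:\\Windows"
    if len(parts) == 4 and parts[0] == "c:\\" and parts[1] == "users":
        return f"image in the root of user profile {path.parts[2]}"
    return None


def triage(reg_query_text: str) -> list:
    """Walk reg query output and return the Run entries worth an analyst's look."""
    findings, key = [], None
    for line in reg_query_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented line is a key header
            key = line.strip()
            continue
        m = ENTRY_RE.match(line)
        if not m or key is None:
            continue
        name, _type, data = m.groups()
        path = executable_path(data)
        reason = classify(path)
        if reason:
            findings.append({"key": key, "name": name, "image": str(path), "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REG_QUERY):
        print(f"{f['reason']}: {f['key']}\\{f['name']} -> {f['image']}")
```

  Running it flags the two constructed entries that match the slide's locations (`svchost_update` under C:\Windows and `reader` in the profile root) and leaves the System32 and AppData entries alone; the output is a review list, not a verdict.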
  • Slide 9
  • COMMUNICATION Mirage phones home to its C2 servers using standard HTTP POST requests over ports 80, 443 and 8080. It can also use SSL for added security. The initial phone-home request contains detailed system information about the infected system. Example: Once the C2 server gets this, it responds with HTTP response code 200 OK.
  • Slide 10
  • After a successful connection, the infected system still sends regular check-in updates with its MAC address in them. All of its communications with its command and control servers are disguised to appear like the URL traffic pattern associated with Google searches. VARIANT 2: Another variant of Mirage uses HTTP GET requests for communication. In this variant, instead of "Mirage" at the beginning of the message, it uses "It is the end of the world and I feel Fine", from the R.E.M. song "It's the end of the world."
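  Slides 9 and 10 give a defender four observable traits of the phone-home traffic: a fixed message prefix ("Mirage", or the R.E.M. lyric in variant 2), the MAC address in check-ins, URLs shaped like Google searches sent to non-Google hosts, and regular check-in timing. The script below is an added example, not code from the presentation or from SecureWorks, that scores those traits over HTTP inspection records. The record format, hostnames, addresses, MAC and timestamps are constructed; the `/search?...q=` shape used for the Google-lookalike test is an assumption, since the slides only say the URLs resemble Google search traffic.

```python
"""Flag Mirage-style phone-home traffic in HTTP inspection records.
Added example for the communication behaviour on slides 9 and 10; not code
from the presentation or from SecureWorks. Record layout, hosts, addresses
and timings are constructed. The "/search?...q=" path shape is an assumption."""
import re
import statistics
from collections import defaultdict
from datetime import datetime
from typing import Optional

# Message prefixes the slides attribute to the two Mirage variants.
MARKERS = ("Mirage", "It is the end of the world and I feel Fine")
GOOGLE_LIKE = re.compile(r"^/search\?(?:.*&)?q=")  # assumed lookalike shape
MAC_RE = re.compile(r"(?i)\b(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}\b")

# Constructed records: "<ts> <src> <method> <host>:<port> <path> <body-prefix>"
# ("-" means no body). None of these hosts or addresses are real indicators.
SAMPLE_LOG = """\
2012-04-10T09:00:00Z 10.1.5.23 POST www.google.com:443 /search?hl=en&q=quarterly+results -
2012-04-10T09:00:05Z 10.1.5.23 POST cdn-update.example.net:8080 /search?hl=en&q=7a21f Mirage|00-1A-2B-3C-4D-5E|WIN-FIN07
2012-04-10T09:10:05Z 10.1.5.23 POST cdn-update.example.net:8080 /search?hl=en&q=7a21f Mirage|00-1A-2B-3C-4D-5E
2012-04-10T09:20:06Z 10.1.5.23 POST cdn-update.example.net:8080 /search?hl=en&q=7a21f Mirage|00-1A-2B-3C-4D-5E
2012-04-10T09:30:05Z 10.1.5.23 POST cdn-update.example.net:8080 /search?hl=en&q=7a21f Mirage|00-1A-2B-3C-4D-5E
2012-04-10T09:31:00Z 10.1.5.40 GET news.example.org:80 /articles/2012/04/energy -
2012-04-10T09:32:00Z 10.1.5.40 GET news.example.org:80 /articles/2012/04/markets -
2012-04-10T09:45:00Z 10.1.5.40 GET dyn-host.example.com:80 /search?q=ping It is the end of the world and I feel Fine
"""


def parse(line: str) -> Optional[dict]:
    """Split one record; the body prefix may itself contain spaces."""
    parts = line.split(maxsplit=5)
    if len(parts) != 6:
        return None
    ts, src, method, hostport, path, body = parts
    host, _, port = hostport.rpartition(":")
    if not host:
        host, port = hostport, "80"
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "src": src,
            "method": method, "host": host, "port": int(port), "path": path,
            "body": "" if body == "-" else body}


def is_google(host: str) -> bool:
    return host == "google.com" or host.endswith(".google.com")


def record_signals(r: dict) -> list:
    """Per-request traits taken from the slides."""
    sigs = []
    if r["body"].startswith(MARKERS):
        sigs.append("known Mirage message prefix")
    if MAC_RE.search(r["body"]):
        sigs.append("MAC address in request body")
    if GOOGLE_LIKE.match(r["path"]) and not is_google(r["host"]):
        sigs.append("Google-search-like URL to non-Google host")
    return sigs


def beacon_signals(records: list, min_hits: int = 3, max_cv: float = 0.1) -> dict:
    """Regular check-ins: per (src, host) pair, low jitter in inter-request gaps."""
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["src"], r["host"])].append(r["ts"])
    out = {}
    for pair, times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            out[pair] = f"regular check-in every ~{mean:.0f}s over {len(times)} requests"
    return out


def analyze(log_text: str) -> dict:
    """Map each (src, host) pair to the sorted list of signals it triggered."""
    records = [r for r in map(parse, log_text.splitlines()) if r]
    findings = defaultdict(set)
    for r in records:
        for sig in record_signals(r):
            findings[(r["src"], r["host"])].add(sig)
    for pair, sig in beacon_signals(records).items():
        findings[pair].add(sig)
    return {pair: sorted(sigs) for pair, sigs in findings.items()}


if __name__ == "__main__":
    for (src, host), sigs in analyze(SAMPLE_LOG).items():
        print(f"{src} -> {host}: " + "; ".join(sigs))
```

  The genuine Google search and the news browsing in the sample produce no findings; the constructed 10-minute POST beacons collect all four signals, and the single variant-2 GET is caught by its message prefix and URL shape alone, which is the point of keeping per-request and timing checks separate.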
  • Slide 11
  • VICTIMS The picture below shows the sources of infected hosts. After deep analysis, researchers found one infected host to be an executive-level finance manager at a Philippine-based oil company.
  • Slide 12
  • ATTACKERS SecureWorks identified that the attackers were operating out of China. They used dynamic DNS domains for callbacks to C2 servers. The hosting companies in the US were running HTran. In a 2011 analysis, the software author was identified as a member of the Chinese hacker group HUC, the Honker Union of China. Analysis of the phone-home activity identified four unique second-level domains, two of which share a common email ID.
  • Slide 13
  • INTENTIONS The intention behind the attacks is still not known, but they have hit many energy and oil companies worldwide. It is unclear yet what kind of data they were trying to steal from the specific targets.
  • Slide 14
  • CONCLUSION Mirage was a lightweight, simple malware which proved effective because it was able to reach mid- and senior-level executives. This malware represents only a small piece of an ongoing worldwide campaign. This shows that a successful campaign requires only a small number of infected systems.
  • Slide 15
  • CITED SITES
    http://www.secureworks.com/cyber-threat-intelligence/threats/the-mirage-campaign/
    http://news.cnet.com/8301-1009_3-57517388-83/cyberspying-effort-drops-mirage-on-energy-firms/
    http://www.scmagazine.com/new-espionage-campaign-tied-to-rsa-breach-ghostnet-attacks/article/259991/
    http://en.wikipedia.org/wiki/Malware
  • Slide 16
  • Thank you