Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

Mango

Mango is a first-stage backdoor written in C#/.NET that was used by OilRig during the Juicy Mix campaign. Mango is the successor to Solar and includes additional exfiltration capabilities, the use of native APIs, and added detection evasion code.(Citation: ESET OilRig Campaigns Sep 2023)

ID: S1169

Type: MALWARE

Platforms: Windows

Created: 25 Nov 2024

Last Modified: 25 Nov 2024

Domain	ID		Name	Use
Techniques Used
Enterprise	T1071	.001	Application Layer Protocol: Web Protocols	Mango can retrieve C2 commands sent in HTTP responses.(Citation: ESET OilRig Campaigns Sep 2023)
Enterprise	T1132	.001	Data Encoding: Standard Encoding	Mango can receive Base64-encoded commands from C2.(Citation: ESET OilRig Campaigns Sep 2023)
Enterprise	T1573	.001	Encrypted Channel: Symmetric Cryptography	Mango can receive XOR-encrypted commands from C2.(Citation: ESET OilRig Campaigns Sep 2023)
		.002	Encrypted Channel: Asymmetric Cryptography	Mango can use TLS to encrypt C2 communications.(Citation: ESET OilRig Campaigns Sep 2023)
Enterprise	T1562	.001	Impair Defenses: Disable or Modify Tools	Mango contains an unused capability to block endpoint security solutions from loading user-mode code hooks via a DLL in a specified process by using the `UpdateProcThreadAttribute API` to set the `PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY` to `PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON` for an identified process. (Citation: ESET OilRig Campaigns Sep 2023)
Enterprise	T1027	.013	Obfuscated Files or Information: Encrypted/Encoded File	Mango contains a series of base64 encoded substrings.(Citation: ESET OilRig Campaigns Sep 2023)
Enterprise	T1053	.005	Scheduled Task/Job: Scheduled Task	Mango can create a scheduled task to run every 32 seconds to communicate with C2 and execute received commands.(Citation: ESET OilRig Campaigns Sep 2023)
Enterprise	T1204	.002	User Execution: Malicious File	Mango has been executed through a Microsoft Word document with a malicious macro.(Citation: ESET OilRig Campaigns Sep 2023)

ID	Name	References
Groups That Use This Software
		(Citation: ESET OilRig Campaigns Sep 2023)
G0049	OilRig	(Citation: ESET OilRig Campaigns Sep 2023)

References

Hromcova, Z. and Burgher, A. (2023, September 21). OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes. Retrieved November 21, 2024.

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.

Mango

Techniques Used

Groups That Use This Software

References