Mongall
The MITRE Corporation
· Published 25/07/2022 19:00 · Modified 27/03/2026 01:05
Family
Essential information
- Confidence
- 100/100
- Is family
- Yes
- Published
- 25/07/2022 19:00
- Modified
- 27/03/2026 01:05
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Related entities
- 30 attack patterns (mitre), 1 intrusion sets (apt), 3 sectors, 5 countries, 99 indicators
Description
[Mongall](https://attack.mitre.org/software/S1026) is a backdoor that has been used since at least 2013, including by [Aoqin Dragon](https://attack.mitre.org/groups/G1007).(Citation: SentinelOne Aoqin Dragon June 2022)
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (30)
-
T1547.001 usesRegistry Run Keys / Startup Folder MITRE
-
T1027.002 usesSoftware Packing MITRE
-
T1055.001 usesDynamic-link Library Injection MITRE
-
T1005 usesData from Local System MITRE
-
T1560 usesArchive Collected Data MITRE
-
T1027 usesObfuscated Files or Information MITRE
-
T1140 usesDeobfuscate/Decode Files or Information MITRE
-
T1055 usesProcess Injection MITRE
-
T1091 usesReplication Through Removable Media MITRE
-
T1204 usesUser Execution MITRE
-
T1041 usesExfiltration Over C2 Channel MITRE
-
T1547 usesBoot or Logon Autostart Execution MITRE
Intrusion sets (APT) (1)
-
Aoqin Dragon usesThe MITRE Corporation Confidence 100
[Aoqin Dragon](https://attack.mitre.org/groups/G1007) is a suspected Chinese cyber espionage threat group that has been active since at least 2013. [Aoqin Dragon](https://attack.mitre.org/groups/G1007) has primarily targeted government, education, and telecommunication organizations…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (3)
-
Government targets
-
Education targets
-
Telecommunications targets
Countries (5)
-
Singapore targets
-
Cambodia targets
-
Hong Kong targets
-
Viet Nam targets
-
Australia targets
Indicators (99)
-
stix 100/100 Revoked
ConventionEngine_Term_Desktop SHA256 of 97d30b904e7b521a9b7a629fdd1e0ae8a5bf8238
· Valid until 12/09/2023 · Source: AlienVault -
stix 100/100 Revoked
Trojan:Win32/Pynamer.A!ac SHA256 of 03a5bee9e9686c18a4f673aadd1e279f53e1c68f
· Valid until 12/09/2023 · Source: AlienVault