Mongall
The MITRE Corporation
· Published 25/07/2022 19:00 · Modified 27/03/2026 01:05
Family
Essential information
- Confidence
- 100/100
- Is family
- Yes
- Published
- 25/07/2022 19:00
- Modified
- 27/03/2026 01:05
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Related entities
- 30 attack patterns (mitre), 1 intrusion sets (apt), 3 sectors, 5 countries, 99 indicators
Description
[Mongall](https://attack.mitre.org/software/S1026) is a backdoor that has been used since at least 2013, including by [Aoqin Dragon](https://attack.mitre.org/groups/G1007).(Citation: SentinelOne Aoqin Dragon June 2022)
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (30)
-
T1071.001 usesWeb Protocols MITRE
-
T1071 usesApplication Layer Protocol MITRE
-
T1574 usesHijack Execution Flow MITRE
-
T1082 usesSystem Information Discovery MITRE
-
T1120 usesPeripheral Device Discovery MITRE
-
T1218.011 usesRundll32 MITRE
-
T1105 usesIngress Tool Transfer MITRE
-
T1569 usesSystem Services MITRE
-
T1211 MITRE
-
T1033 usesSystem Owner/User Discovery MITRE
-
T1189 usesDrive-by Compromise MITRE
-
T1132.001 usesStandard Encoding MITRE
Intrusion sets (APT) (1)
-
Aoqin Dragon usesThe MITRE Corporation Confidence 100
[Aoqin Dragon](https://attack.mitre.org/groups/G1007) is a suspected Chinese cyber espionage threat group that has been active since at least 2013. [Aoqin Dragon](https://attack.mitre.org/groups/G1007) has primarily targeted government, education, and telecommunication organizations…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (3)
-
Government targets
-
Education targets
-
Telecommunications targets
Countries (5)
-
Singapore targets
-
Cambodia targets
-
Hong Kong targets
-
Viet Nam targets
-
Australia targets
Indicators (99)
-
stix 100/100 Revoked
ConventionEngine_Term_Desktop SHA256 of 97d30b904e7b521a9b7a629fdd1e0ae8a5bf8238
· Valid until 12/09/2023 · Source: AlienVault -
stix 100/100 Revoked
Trojan:Win32/Pynamer.A!ac SHA256 of 03a5bee9e9686c18a4f673aadd1e279f53e1c68f
· Valid until 12/09/2023 · Source: AlienVault