Mango
MITRE
Malware Type:
Other
Other
First seen:
Unknown
Unknown
Last seen:
Unknown
Unknown
Details:
[Mango](https://attack.mitre.org/software/S1169) is a first-stage backdoor written in C#/.NET that was used by [OilRig](https://attack.mitre.org/groups/G0049) during the [Juicy Mix](https://attack.mitre.org/campaigns/C0044) campaign. [Mango](https://attack.mitre.org/software/S1169) is the successor to [Solar](https://attack.mitre.org/software/S1166) and includes additional exfiltration capabilities, the use of native APIs, and added detection evasion code.(Citation: ESET OilRig Campaigns Sep 2023)
Associated Techniques (13)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1027.013 | Encrypted/Encoded File | - |
| T1033 | System Owner/User Discovery | - |
| T1041 | Exfiltration Over C2 Channel | - |
| T1053.005 | Scheduled Task | - |
| T1071.001 | Web Protocols | - |
| T1082 | System Information Discovery | - |
| T1083 | File and Directory Discovery | - |
| T1106 | Native API | - |
| T1132.001 | Standard Encoding | - |
| T1204.002 | Malicious File | - |
| T1562.001 | Disable or Modify Tools | - |
| T1573.001 | Symmetric Cryptography | - |
| T1573.002 | Asymmetric Cryptography | - |
Used by Actors (1)
Metadata
| ID: | 552 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |