{"description": "Enterprise techniques used by Mango, ATT&CK software S1169 (v1.0)", "name": "Mango (S1169)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "19", "navigator": "5.3.2"}, "techniques": [{"techniqueID": "T1071", "showSubtechniques": true}, {"techniqueID": "T1071.001", "comment": "[Mango](https://attack.mitre.org/software/S1169) can retrieve C2 commands sent in HTTP responses.(Citation: ESET OilRig Campaigns Sep 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1132", "showSubtechniques": true}, {"techniqueID": "T1132.001", "comment": "[Mango](https://attack.mitre.org/software/S1169) can receive Base64-encoded commands from C2.(Citation: ESET OilRig Campaigns Sep 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1685", "comment": "[Mango](https://attack.mitre.org/software/S1169) contains an unused capability to block endpoint security solutions from loading user-mode code hooks via a DLL in a specified process by using the `UpdateProcThreadAttribute\u202fAPI` to set the `PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY` to `PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON` for an identified process.\u202f(Citation: ESET OilRig Campaigns Sep 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1573", "showSubtechniques": true}, {"techniqueID": "T1573.001", "comment": "[Mango](https://attack.mitre.org/software/S1169) can receive XOR-encrypted commands from C2.(Citation: ESET OilRig Campaigns Sep 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1573.002", "comment": "[Mango](https://attack.mitre.org/software/S1169) can use TLS to encrypt C2 communications.(Citation: ESET OilRig Campaigns Sep 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1041", "comment": "[Mango](https://attack.mitre.org/software/S1169) can use its HTTP C2 channel for exfiltration.(Citation: ESET OilRig Campaigns Sep 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1083", "comment": "[Mango](https://attack.mitre.org/software/S1169) can enumerate the contents of current working or other specified directories.(Citation: ESET OilRig Campaigns Sep 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1106", "comment": "[Mango](https://attack.mitre.org/software/S1169) has the ability to use Native APIs.(Citation: ESET OilRig Campaigns Sep 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1027", "showSubtechniques": true}, {"techniqueID": "T1027.013", "comment": "[Mango](https://attack.mitre.org/software/S1169) contains a series of base64 encoded substrings.(Citation: ESET OilRig Campaigns Sep 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1053", "showSubtechniques": true}, {"techniqueID": "T1053.005", "comment": "[Mango](https://attack.mitre.org/software/S1169) can create a scheduled task to run every 32 seconds to communicate with C2 and execute received commands.(Citation: ESET OilRig Campaigns Sep 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1082", "comment": "[Mango](https://attack.mitre.org/software/S1169) can collect the machine name of a compromised system which is later used as part of a unique victim identifier.(Citation: ESET OilRig Campaigns Sep 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1033", "comment": "[Mango](https://attack.mitre.org/software/S1169) can collect the user name from a compromised system which is used to create a unique victim identifier.(Citation: ESET OilRig Campaigns Sep 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1204", "showSubtechniques": true}, {"techniqueID": "T1204.002", "comment": "[Mango](https://attack.mitre.org/software/S1169) has been executed through a Microsoft Word document with a malicious macro.(Citation: ESET OilRig Campaigns Sep 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by Mango", "color": "#66b1ff"}]}