Mango

Malware updated a year ago (2024-11-29T14:50:27.780Z)
Download STIX
Preview STIX
Mango is a sophisticated malware that was first detected in an executable named BOOSTWRITE, which was uploaded to VirusTotal on October 3. The code of this executable was signed using a certificate issued by MANGO ENTERPRISE LIMITED, indicating that the operators behind Mango were actively modifying the malware to evade traditional detection methods. A key timestamp anomaly relating to the certificate's validity window and the PE compilation time of BOOSTWRITE was later documented in a blog post by David Cannings, providing further insights into the malware's operations. In addition to its presence in BOOSTWRITE, Mango has also been associated with malicious Chrome extensions and the TrickBot ransomware dropper. Notably, two members of the malware gang responsible for TrickBot, known as Mikhail Tsarev (aka Mango) and Maksim Galochkin (aka Bentley), have recently come under new European sanctions. This highlights the international impact of Mango and the concerted efforts being made to combat its spread. In a separate but related development, Solana-based decentralized finance platform Mango Markets has been grappling with allegations of securities law violations brought forth by the U.S. Securities and Exchange Commission (SEC). Following a significant exploit, the platform has been considering a settlement with the SEC. William Frentzen, a former government prosecutor experienced in dealing with hackers, had previously assisted in recovering money stolen in a $110 million fraud case at Mango Markets. This situation underscores the broad array of cybersecurity challenges currently facing digital platforms and financial markets.
Description last updated: 2024-10-17T12:59:41.994Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
TrickBot is a possible alias for Mango. TrickBot is a notorious malware developed by cybercriminals to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. This malicious software can steal personal information, disrupt operations, or even hold data hostage for ransom. Vladimir Dunaev,
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Chrome
Windows
Scams
Exploit
Backdoor
Ransomware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The OilRig Threat Actor is associated with Mango. OilRig, also known as APT34, Earth Simnavaz, Evasive Serpens, and other names, is a well-known threat actor in the cybersecurity industry. This group has been particularly active in targeting entities in the Middle East, including critical infrastructure and telecommunications organizations. One of Unspecified
2
Source Document References
Information about the Mango Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
ESET
13 days ago
Recorded Future
2 months ago
Securityaffairs
2 months ago
Malwarebytes
2 months ago
Securityaffairs
2 months ago
ESET
6 months ago
ESET
7 months ago
BankInfoSecurity
a year ago
BankInfoSecurity
a year ago
CERT-EU
2 years ago
MITRE
3 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
BankInfoSecurity
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago