Volatility3 MCP Server

Overview Schema Related Servers Score Discussions

APT_Mongall.yar•1.41 KiB

/*
    This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as    long as you use it under this license.

*/

import "pe"

rule Backdoor_APT_Mongal
{

    meta:
        author = "@patrickrolsen"
        maltype = "Backdoor.APT.Mongall"
        version = "0.1"
        reference = "fd69a799e21ccb308531ce6056944842"
        date = "01/04/2014"

    strings:
        $author  = "author user"
        $title   = "title Vjkygdjdtyuj" nocase
        $comp    = "company ooo"
        $cretime = "creatim\\yr2012\\mo4\\dy19\\hr15\\min10"
        $passwd  = "password 00000000"

    condition:
        all of them
}

rule MongalCode
{
    meta:
        description = "Mongal code features"
        author = "Seth Hardy"
        last_modified = "2014-07-15"

    strings:
        // gettickcount value checking
        $ = { 8B C8 B8 D3 4D 62 10 F7 E1 C1 EA 06 2B D6 83 FA 05 76 EB }

    condition:
        any of them
}

rule MongalStrings
{

    meta:
        description = "Mongal Identifying Strings"
        author = "Seth Hardy"
        last_modified = "2014-07-15"

    strings:
        $ = "NSCortr.dll"
        $ = "NSCortr1.dll"
        $ = "Sina.exe"

    condition:
        any of them
}

rule Mongal
{

    meta:
        description = "Mongal"
        author = "Seth Hardy"
        last_modified = "2014-07-15"

    condition:
        MongalCode or MongalStrings
}

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Kirandawadi/volatility3-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

APT_Mongall.yar•1.41 KiB

/*
    This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as    long as you use it under this license.

*/

import "pe"

rule Backdoor_APT_Mongal
{

    meta:
        author = "@patrickrolsen"
        maltype = "Backdoor.APT.Mongall"
        version = "0.1"
        reference = "fd69a799e21ccb308531ce6056944842"
        date = "01/04/2014"

    strings:
        $author  = "author user"
        $title   = "title Vjkygdjdtyuj" nocase
        $comp    = "company ooo"
        $cretime = "creatim\\yr2012\\mo4\\dy19\\hr15\\min10"
        $passwd  = "password 00000000"

    condition:
        all of them
}

rule MongalCode
{
    meta:
        description = "Mongal code features"
        author = "Seth Hardy"
        last_modified = "2014-07-15"

    strings:
        // gettickcount value checking
        $ = { 8B C8 B8 D3 4D 62 10 F7 E1 C1 EA 06 2B D6 83 FA 05 76 EB }

    condition:
        any of them
}

rule MongalStrings
{

    meta:
        description = "Mongal Identifying Strings"
        author = "Seth Hardy"
        last_modified = "2014-07-15"

    strings:
        $ = "NSCortr.dll"
        $ = "NSCortr1.dll"
        $ = "Sina.exe"

    condition:
        any of them
}

rule Mongal
{

    meta:
        description = "Mongal"
        author = "Seth Hardy"
        last_modified = "2014-07-15"

    condition:
        MongalCode or MongalStrings
}