Introduction
DragonOK is a threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, DragonOK is thought to have a direct or indirect relationship with the threat group Moafee. Operation Quantum Entanglement It is known to use a variety of malware, including Sysget/HelloBridge, PlugX, PoisonIvy, FormerFirstRat, NFlog, and NewCT. New DragonOK
Activities and Tactics
Targeted Sectors: Private sector
Country of Origin: 🇨🇳 China
Risk Level: High
First Seen: 2017
Last Activity: 2022
Incident Type: Espionage
Suspected Victims: United States
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No atomic indicators are listed in this profile. The APTnotes snapshot indexes 2 public reports that may contain IOCs; see Source Attribution for dataset links.
Malware and Tools
- PlugX
- PoisonIvy
- CVE-2015-1641:
- Sysget:
- IsSpace:
- Rambo Backdoor:
MITRE ATT&CK Software
Attribution and Evidence
Country of Origin: China Additional attribution information pending cataloguing.
References
[1] mitre-attack [3] Operation Quantum Entanglement Haq, T., Moran, N., Vashisht, S., Scott, M. (2014, September). OPERATION QUANTUM ENTANGLEMENT. Retrieved November 17, 2024. [4] New DragonOK Miller-Osborn, J., Grunzweig, J.. (2015, April). Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets. Retrieved November 4, 2015.