DragonOK is a threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, DragonOK is thought to have a direct or indirect relationship with the threat group Moafee. It is known to use a variety of malware, including Sysget/HelloBridge, PlugX, PoisonIvy, FormerFirstRat, NFlog, and NewCT.
Also known as
Moafee, BRONZE OVERBROOK, G0017, G0002, Shallow Taurus.
Actor metadata imported from Malpedia (Fraunhofer FKIE).