2017-10-06 16:56:24 +02:00
{
2018-11-06 21:10:40 +01:00
"id" : "bundle--96a6ea7a-fcff-4aab-925b-a494bcdf0480" ,
2017-10-06 16:56:24 +02:00
"objects" : [
{
"aliases" : [
"DragonOK"
2018-11-06 21:10:40 +01:00
] ,
"created" : "2017-05-31T21:31:53.197755Z" ,
"created_by_ref" : "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" ,
"description" : "DragonOK is a threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, DragonOK is thought to have a direct or indirect relationship with the threat group Moafee. [[Citation: Operation Quantum Entanglement]][[Citation: Symbiotic APT Groups]] It is known to use a variety of malware, including Sysget/HelloBridge, PlugX, PoisonIvy, FormerFirstRat, NFlog, and NewCT. [[Citation: New DragonOK]]" ,
2017-10-06 16:56:24 +02:00
"external_references" : [
{
2018-11-06 21:10:40 +01:00
"external_id" : "G0017" ,
"source_name" : "mitre-attack" ,
2017-10-06 16:56:24 +02:00
"url" : "https://attack.mitre.org/wiki/Group/G0017"
2018-11-06 21:10:40 +01:00
} ,
2017-10-06 16:56:24 +02:00
{
2018-11-06 21:10:40 +01:00
"description" : "Haq, T., Moran, N., Vashisht, S., Scott, M. (2014, September). OPERATION QUANTUM ENTANGLEMENT. Retrieved November 4, 2015." ,
"source_name" : "Operation Quantum Entanglement" ,
2017-10-06 16:56:24 +02:00
"url" : "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf"
2018-11-06 21:10:40 +01:00
} ,
2017-10-06 16:56:24 +02:00
{
2018-11-06 21:10:40 +01:00
"description" : "Haq, T. (2014, October). An Insight into Symbiotic APT Groups. Retrieved November 4, 2015." ,
"source_name" : "Symbiotic APT Groups" ,
2017-10-06 16:56:24 +02:00
"url" : "https://dl.mandiant.com/EE/library/MIRcon2014/MIRcon%202014%20R&D%20Track%20Insight%20into%20Symbiotic%20APT.pdf"
2018-11-06 21:10:40 +01:00
} ,
2017-10-06 16:56:24 +02:00
{
2018-11-06 21:10:40 +01:00
"description" : "Miller-Osborn, J., Grunzweig, J.. (2015, April). Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets. Retrieved November 4, 2015." ,
"source_name" : "New DragonOK" ,
2017-10-06 16:56:24 +02:00
"url" : "http://researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/"
}
2018-11-06 21:10:40 +01:00
] ,
"id" : "intrusion-set--f3bdec95-3d62-42d9-a840-29630f6cdc1a" ,
"modified" : "2017-05-31T21:31:53.197755Z" ,
"name" : "DragonOK" ,
2017-10-06 16:56:24 +02:00
"object_marking_refs" : [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
2018-11-06 21:10:40 +01:00
] ,
2017-10-06 16:56:24 +02:00
"type" : "intrusion-set"
}
2018-11-06 21:10:40 +01:00
] ,
"spec_version" : "2.0" ,
2017-10-06 16:56:24 +02:00
"type" : "bundle"
2018-11-06 21:10:40 +01:00
}