From 963cd23b1ffb5caa14a3c3d1a9a9dfb6cabfed9c Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Mon, 1 Aug 2016 16:39:08 +0200
Subject: [PATCH] DragonOK added
---
 elements/adversary-groups.json | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/elements/adversary-groups.json b/elements/adversary-groups.json
index 225aae1e..0de1143f 100644
--- a/elements/adversary-groups.json
+++ b/elements/adversary-groups.json
@@ -880,6 +880,12 @@
 "group": "Poseidon Group",
 "description": "Poseidon Group is a Portuguese-speaking threat group that has been active since at least 2005. The group has a history of using information exfiltrated from victims to blackmail victim companies into contracting the Poseidon Group as a security firm.",
 "refs": ["https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/","https://attack.mitre.org/wiki/Groups"]
+ },
+ {
+ "group": "DragonOK",
+ "description": "Threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, DragonOK is thought to have a direct or indirect relationship with the threat group Moafee. 2223 It is known to use a variety of malware, including Sysget/HelloBridge, PlugX, PoisonIvy, FormerFirstRat, NFlog, and NewCT.",
+ "country": "CN",
+ "refs": ["https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf", "https://attack.mitre.org/wiki/Groups"]
 }
 ]
 }
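Review bot: The added `description` for DragonOK carries a stray `2223` between the Moafee sentence and the malware sentence. It appears to be two footnote markers (22 and 23) left over from copying the text off the referenced ATT&CK Groups page, and every consumer of this field will display it verbatim. Drop it so the text reads `...relationship with the threat group Moafee. It is known to use a variety of malware, ...`. Separately, the entry sets `"country": "CN"` while the description itself makes no attribution statement. Attribution is the claim analysts most often act on, so the description should say which of the two `refs` supports it, or the key should be omitted until a source is cited.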