Common Information
| Type | Value |
|---|---|
| Value | DragonOK - G0017 |
| Category | Actor |
| Type | Mitre-Intrusion-Set |
| Misp Type | Cluster |
| Description | [DragonOK](https://attack.mitre.org/groups/G0017) is a threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, [DragonOK](https://attack.mitre.org/groups/G0017) is thought to have a direct or indirect relationship with the threat group [Moafee](https://attack.mitre.org/groups/G0002). (Citation: Operation Quantum Entanglement) It is known to use a variety of malware, including Sysget/HelloBridge, PlugX, PoisonIvy, FormerFirstRat, NFlog, and NewCT. (Citation: New DragonOK) |

| Details | | Published | Attributes | CTI Title |
|---|---|---|---|---|
| Details | Website | 2022-08-18 | 19 | The Relationship Between PlugX and the Attacker Group "DragonOK" \| LAC, the Security Solutions Company |
| Details | Website | 2022-03-22 | 67 | Operation Dragon Castling: APT group targeting betting companies - Avast Threat Labs |
| Details | Website | 2020-04-30 | 5 | APT trends report Q1 2020 |
| Details | Website | 2019-06-25 | 17 | Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers |
| Details | Website | 2018-10-30 | 0 | U.S. Indicts Chinese Hacker-Spies in Conspiracy to Steal Aerospace Secrets |
| Details | Website | 2017-07-01 | 0 | Connect the Dots on State-Sponsored Cyber Incidents - Rancor |
| Details | Website | 2017-02-15 | 1 | APT_CyberCriminal_Campagin_Collections-1/Deep Dive on the DragonOK Rambo Backdoor _ Morphick Cyber Security.pdf at master · m0n0ph1/APT_CyberCriminal_Campagin_Collections-1 |
| Details | Website | 2017-01-05 | 128 | DragonOK Updates Toolset and Targets Multiple Geographic Regions |
| Details | Website | 2016-05-25 | 119 | CVE-2015-2545: overview of current threats |
| Details | Website | 2015-07-20 | 45 | Watering Hole Attack on Aerospace Firm Exploits CVE-2015-5122 to Install IsSpace Backdoor |
| Details | Website | 2015-04-14 | 31 | Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets |