DragonOK
DragonOK is a threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, DragonOK is thought to have a direct or indirect relationship with the threat group Moafee. It is known to use a variety of malware, including Sysget/HelloBridge, PlugX, PoisonIvy, FormerFirstRat, NFlog, and NewCT.
Attribution signal
?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 Low0.0
None signal strength
Mentions0
Sources0
High conf.0
First observed
2017-05-31
Last active
—
Origin
China
Aliases
1
Techniques
0
Campaigns
0
China
Attribution signals
No attribution signals extracted yet — signals populate automatically as articles are processed.