DragonOK
Overview
DragonOK is a threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, DragonOK is thought to have a direct or indirect relationship with the threat group Moafee. It is known to use a variety of malware, including Sysget/HelloBridge, PlugX, PoisonIvy, FormerFirstRat, NFlog, and NewCT.
Targets
Private sector
Regions
United States
Tools & malware (2)
PoisonIvy · PlugX
Reporting (2)
- Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets — Miller-Osborn, J., Grunzweig, J.
- OPERATION QUANTUM ENTANGLEMENT — Haq, T., Moran, N., Vashisht, S., Scott, M.