Aoqin Dragon
Associated Group Descriptions

| Name | Description |
|---|---|
Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1587.001 | Develop Capabilities: Malware | Aoqin Dragon has used custom malware, including Mongall and Heyoka Backdoor, in their operations. (Citation: SentinelOne Aoqin Dragon June 2022) |
| Enterprise | T1036.005 | Masquerading: Match Legitimate Name or Location | Aoqin Dragon has used fake icons, including antivirus and external drive icons, to disguise malicious payloads. (Citation: SentinelOne Aoqin Dragon June 2022) |
| Enterprise | T1027.002 | Obfuscated Files or Information: Software Packing | Aoqin Dragon has used the Themida packer to obfuscate malicious payloads. (Citation: SentinelOne Aoqin Dragon June 2022) |
| Enterprise | T1588.002 | Obtain Capabilities: Tool | Aoqin Dragon obtained the Heyoka open source exfiltration tool and subsequently modified it for their operations. (Citation: SentinelOne Aoqin Dragon June 2022) |
| Enterprise | T1204.002 | User Execution: Malicious File | Aoqin Dragon has lured victims into opening weaponized documents, fake external drives, and fake antivirus software to execute malicious payloads. (Citation: SentinelOne Aoqin Dragon June 2022) |
Software

| ID | Name | References | Techniques |
|---|---|---|---|
| S1026 | Mongall | (Citation: SentinelOne Aoqin Dragon June 2022) | Web Protocols, Deobfuscate/Decode Files or Information, Malicious File, Peripheral Device Discovery, Symmetric Cryptography, Rundll32, Data from Local System, Standard Encoding, Ingress Tool Transfer, Exfiltration Over C2 Channel, Dynamic-link Library Injection, System Information Discovery, Software Packing, Registry Run Keys / Startup Folder |
| S1027 | Heyoka Backdoor | (Citation: SentinelOne Aoqin Dragon June 2022) (Citation: Sourceforge Heyoka 2022) | Dynamic-link Library Injection, File Deletion, Protocol Tunneling, Deobfuscate/Decode Files or Information, DNS, System Information Discovery, System Service Discovery, Process Discovery, Rundll32, File and Directory Discovery, Registry Run Keys / Startup Folder, Encrypted/Encoded File, Peripheral Device Discovery, Masquerade Task or Service, Malicious File |