Cервис управления информационной безопасностью
Cервис управления информационной безопасностью
Вход Регистрация
MITRE ATT&CK - Преступная группа Aoqin Dragon
CVE уязвимости
БДУ ФСТЭК уязвимости
НКЦКИ уязвимости
MITRE ATT&CK
БДУ ФСТЭК
Новая БДУ ФСТЭК
Риски
Каталоги
MITRE ATT&CK
Преступная группа
Aoqin Dragon
Куда я попал?
SECURITM это SGRC система, ? автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.
Подробнее
Наш канал

Aoqin Dragon

Aoqin Dragon is a suspected Chinese cyber espionage threat group that has been active since at least 2013. Aoqin Dragon has primarily targeted government, education, and telecommunication organizations in Australia, Cambodia, Hong Kong, Singapore, and Vietnam. Security researchers noted a potential association between Aoqin Dragon and UNC94, based on malware, infrastructure, and targets.(Citation: SentinelOne Aoqin Dragon June 2022)
ID: G1007
Associated Groups: 
Version: 1.0
Created: 14 Jul 2022
Last Modified: 24 Oct 2022

Associated Group Descriptions
Name Description

Techniques Used
Domain ID Name Use
Enterprise T1587 .001 Develop Capabilities: Malware

Aoqin Dragon has used custom malware, including Mongall and Heyoka Backdoor, in their operations.(Citation: SentinelOne Aoqin Dragon June 2022)
Enterprise T1036 .005 Masquerading: Match Legitimate Name or Location

Aoqin Dragon has used fake icons including antivirus and external drives to disguise malicious payloads.(Citation: SentinelOne Aoqin Dragon June 2022)
Enterprise T1027 .002 Obfuscated Files or Information: Software Packing

Aoqin Dragon has used the Themida packer to obfuscate malicious payloads.(Citation: SentinelOne Aoqin Dragon June 2022)
Enterprise T1588 .002 Obtain Capabilities: Tool

Aoqin Dragon obtained the Heyoka open source exfiltration tool and subsequently modified it for their operations.(Citation: SentinelOne Aoqin Dragon June 2022)
Enterprise T1204 .002 User Execution: Malicious File

Aoqin Dragon has lured victims into opening weaponized documents, fake external drives, and fake antivirus to execute malicious payloads.(Citation: SentinelOne Aoqin Dragon June 2022)

Software
ID Name References Techniques
S1026 Mongall (Citation: SentinelOne Aoqin Dragon June 2022) Web Protocols, Deobfuscate/Decode Files or Information, Malicious File, Peripheral Device Discovery, Symmetric Cryptography, Rundll32, Data from Local System, Standard Encoding, Ingress Tool Transfer, Exfiltration Over C2 Channel, Dynamic-link Library Injection, System Information Discovery, Software Packing, Registry Run Keys / Startup Folder
S1027 Heyoka Backdoor (Citation: SentinelOne Aoqin Dragon June 2022) (Citation: Sourceforge Heyoka 2022) Dynamic-link Library Injection, File Deletion, Protocol Tunneling, Deobfuscate/Decode Files or Information, DNS, System Information Discovery, System Service Discovery, Process Discovery, Rundll32, File and Directory Discovery, Registry Run Keys / Startup Folder, Obfuscated Files or Information, Peripheral Device Discovery, Masquerade Task or Service, Malicious File

References

  1. Chen, Joey. (2022, June 9). Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years. Retrieved July 14, 2022.
Навигация

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.