MITRE ATT&CK - Преступная группа Aoqin Dragon

Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

Наш канал

Aoqin Dragon

Aoqin Dragon is a suspected Chinese cyber espionage threat group that has been active since at least 2013. Aoqin Dragon has primarily targeted government, education, and telecommunication organizations in Australia, Cambodia, Hong Kong, Singapore, and Vietnam. Security researchers noted a potential association between Aoqin Dragon and UNC94, based on malware, infrastructure, and targets.(Citation: SentinelOne Aoqin Dragon June 2022)

ID: G1007

Associated Groups:

Version: 1.0

Created: 14 Jul 2022

Last Modified: 24 Oct 2022

Name	Description
Associated Group Descriptions

Domain	ID		Name	Use
Techniques Used
Enterprise	T1587	.001	Develop Capabilities: Malware	Aoqin Dragon has used custom malware, including Mongall and Heyoka Backdoor, in their operations.(Citation: SentinelOne Aoqin Dragon June 2022)
Enterprise	T1036	.005	Masquerading: Match Legitimate Name or Location	Aoqin Dragon has used fake icons including antivirus and external drives to disguise malicious payloads.(Citation: SentinelOne Aoqin Dragon June 2022)
Enterprise	T1027	.002	Obfuscated Files or Information: Software Packing	Aoqin Dragon has used the Themida packer to obfuscate malicious payloads.(Citation: SentinelOne Aoqin Dragon June 2022)
Enterprise	T1588	.002	Obtain Capabilities: Tool	Aoqin Dragon obtained the Heyoka open source exfiltration tool and subsequently modified it for their operations.(Citation: SentinelOne Aoqin Dragon June 2022)
Enterprise	T1204	.002	User Execution: Malicious File	Aoqin Dragon has lured victims into opening weaponized documents, fake external drives, and fake antivirus to execute malicious payloads.(Citation: SentinelOne Aoqin Dragon June 2022)

ID	Name	References	Techniques
Software
S1026	Mongall	(Citation: SentinelOne Aoqin Dragon June 2022)	Web Protocols, Deobfuscate/Decode Files or Information, Malicious File, Peripheral Device Discovery, Symmetric Cryptography, Rundll32, Data from Local System, Standard Encoding, Ingress Tool Transfer, Exfiltration Over C2 Channel, Dynamic-link Library Injection, System Information Discovery, Software Packing, Registry Run Keys / Startup Folder
S1027	Heyoka Backdoor	(Citation: SentinelOne Aoqin Dragon June 2022) (Citation: Sourceforge Heyoka 2022)	Dynamic-link Library Injection, File Deletion, Protocol Tunneling, Deobfuscate/Decode Files or Information, DNS, System Information Discovery, System Service Discovery, Process Discovery, Rundll32, File and Directory Discovery, Registry Run Keys / Startup Folder, Obfuscated Files or Information, Peripheral Device Discovery, Masquerade Task or Service, Malicious File

References

Chen, Joey. (2022, June 9). Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years. Retrieved July 14, 2022.

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.

Aoqin Dragon

Associated Group Descriptions

Techniques Used

Software

References