Aoqin Dragon

Description

(SentinelLabs) SentinelLabs has uncovered a cluster of activity beginning at least as far back as 2013 and continuing to the present day, primarily targeting organizations in Southeast Asia and Australia. We assess that the threat actor’s primary focus is espionage and relates to targets in Australia, Cambodia, Hong Kong, Singapore, and Vietnam. We track this activity as ‘Aoqin Dragon’.

The threat actor has a history of using document lures with pornographic themes to infect users and makes heavy use of USB shortcut techniques to spread the malware and infect additional targets. Attacks attributable to Aoqin Dragon typically drop one of two backdoors, Mongall and a modified version of the open source Heyoka project.
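The "USB shortcut technique" mentioned above is the classic removable-media trick of hiding the real folder and dropping a visible .lnk with the same name next to it, so the victim double-clicks the shortcut instead of the folder. The following Python heuristic scanner is an added example written for this card; it is not SentinelLabs or Aoqin Dragon tooling and does not parse the shortcut's target. It flags any .lnk whose name mirrors a sibling entry and reports whether that sibling is hidden. The leading-dot handling is an assumption made so the POSIX notion of "hidden" behaves like the Windows hidden attribute in the demo; the drive layout in demo() is constructed inline.

```python
"""Heuristic scan for the USB-shortcut masquerade pattern: a .lnk whose
name mirrors a sibling folder or file (usually hidden) on the same drive.
Added example, not SentinelLabs or Aoqin Dragon tooling."""
import stat
import tempfile
from pathlib import Path


def is_hidden(path: Path) -> bool:
    """True for FILE_ATTRIBUTE_HIDDEN on Windows or a dot-prefix on POSIX."""
    if path.name.startswith("."):
        return True
    attrs = getattr(path.stat(), "st_file_attributes", 0)  # Windows only
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))


def find_shortcut_masquerades(root) -> list:
    """Return one finding per .lnk whose stem matches a sibling entry.

    A genuine shortcut rarely shares a name with the folder beside it; a
    worm that hides the real folder and drops a same-named .lnk does.
    """
    findings = []
    for entry in Path(root).rglob("*"):
        if not entry.is_file() or entry.suffix.lower() != ".lnk":
            continue
        stem = entry.stem.lower()
        for sibling in entry.parent.iterdir():
            if sibling == entry:
                continue
            # Assumption: strip leading dots so a POSIX-hidden ".Photos"
            # matches "Photos.lnk" the way a Windows-hidden "Photos" would.
            if sibling.name.lstrip(".").lower() == stem:
                findings.append({
                    "shortcut": str(entry),
                    "sibling": str(sibling),
                    "sibling_is_dir": sibling.is_dir(),
                    "sibling_hidden": is_hidden(sibling),
                })
    return findings


def demo() -> list:
    """Build a constructed removable-drive layout in a temp dir and scan it."""
    root = Path(tempfile.mkdtemp(prefix="usbscan_"))
    (root / ".Photos").mkdir()                 # real folder, hidden
    (root / "Photos.lnk").write_bytes(b"")     # decoy shortcut, same name
    (root / "Invoice").mkdir()                 # ordinary visible folder
    (root / "Invoice.LNK").write_bytes(b"")    # decoy with odd extension case
    (root / "readme.lnk").write_bytes(b"")     # benign: no same-named sibling
    (root / "notes.txt").write_text("x")
    return sorted(find_shortcut_masquerades(root), key=lambda f: f["shortcut"])


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run it against the mount point of a suspect drive (`find_shortcut_masquerades("E:\\")` or `/media/usb`) rather than demo(); a hit with `sibling_hidden` set is the strongest signal, and the shortcut should then be inspected for its target path and arguments before anything on the drive is opened.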

Names

Name            Name-Giver
Aoqin Dragon    SentinelLabs
UNC94           Mandiant

Country

Motivation

  • Information theft and espionage

First Seen

2013

Observed Sectors

Observed Countries

Tools

Information

Mitre Attack

Other Information

Uuid

b7569cec-8a82-4a0f-80d3-a4659ba2161d

Last Card Change

2023-01-01