Moafee

Description

Moafee is a threat group that appears to operate from the Guandong Province of China. Due to overlapping TTPs, including similar custom tools, Moafee is thought to have a direct or indirect relationship with the threat group DragonOK.

(FireEye) The attack group “Moafee” (named after their command and control infrastructure) appears to operate out of the Guangdong province in China and is known to target the governments and military organizations of countries with national interests in the South China Sea. The seas in this region have multiple claims of sovereignty and hold high significance, as it is the second busiest sea-lane in the world and are known to be rich in resources such as rare earth metals, crude oil, and natural gas. We have also observed the Moafee group target organizations within the US defense industrial base.

Names

Name	Name-Giver
Moafee	FireEye

Country

• China

Motivation

• Information theft and espionage

First Seen

2014

Observed Sectors

• Defense
• Government

Observed Countries

• USA
• “countries with national interests in the South China Sea”

Tools

• HTran
• Mongall
• NewCT2
• NFlog
• Poison Ivy

Information

• https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf

Mitre Attack

• https://attack.mitre.org/groups/G0002/

Other Information

Uuid

a89dfb9b-f899-4d5e-b835-1fbb37295660

Last Card Change

2020-04-22