Description
[Aoqin Dragon](https://attack.mitre.org/groups/G1007) is a suspected Chinese cyber espionage threat group that has been active since at least 2013. [Aoqin Dragon](https://attack.mitre.org/groups/G1007) has primarily targeted government, education, and telecommunication organizations in Australia, Cambodia, Hong Kong, Singapore, and Vietnam. Security researchers noted a potential association between [Aoqin Dragon](https://attack.mitre.org/groups/G1007) and UNC94, based on malware, infrastructure, and targets. (Citation: SentinelOne Aoqin Dragon June 2022)
Techniques Used (TTPs)
- T1204.002 — Malicious File (execution)
- T1570 — Lateral Tool Transfer (lateral-movement)
- T1091 — Replication Through Removable Media (lateral-movement, initial-access)
- T1027.002 — Software Packing (defense-evasion)
- T1587.001 — Malware (resource-development)
- T1083 — File and Directory Discovery (discovery)
- T1036 — Masquerading (defense-evasion)
- T1588.002 — Tool (resource-development)
- T1203 — Exploitation for Client Execution (execution)
Total TTPs: 9
Malware & Tools
Malware: Heyoka Backdoor, Mongall