DragonOK
Essential information
- Confidence
- 100/100
- Published
- 16/12/2025 19:39
- Modified
- 27/03/2026 01:14
- Updated at
- 27/03/2026 01:14
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Resource level
- —
- Primary motivation
- —
- Related entities
- 2 malware
Description
[DragonOK](https://attack.mitre.org/groups/G0017) is a threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, [DragonOK](https://attack.mitre.org/groups/G0017) is thought to have a direct or indirect relationship with the threat group [Moafee](https://attack.mitre.org/groups/G0002). (Citation: Operation Quantum Entanglement) It is known to use a variety of malware, including Sysget/HelloBridge, PlugX, PoisonIvy, FormerFirstRat, NFlog, and NewCT. (Citation: New DragonOK)
Marking (TLP)
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.