DragonOK is a threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, DragonOK may have a direct or indirect relationship with the threat group Moafee. DragonOK has used a variety of malware, including Sysget/HelloBridge, PlugX, PoisonIvy, FormerFirstRat, NFlog, and NewCT.
Other names for this threat
This is a collection of rules based on the presence of indicators of compromise publicly reported as associated with this malicious actor.