Moafee

Moafee is a threat group that appears to operate from the Guandong Province of China. Due to overlapping TTPs, including similar custom tools, Moafee is thought to have a direct or indirect relationship with the threat group DragonOK. ^[1]

ID: G0002

Aliases: Moafee

Version: 1.0

Alias Descriptions

Name	Description
Moafee	^[1]

Techniques Used

Domain	ID	Name	Use
Enterprise	T1009	Binary Padding	Moafee has been known to employ binary padding.^[1]

Software

ID	Name	Techniques
S0012	PoisonIvy	Application Window Discovery, Command-Line Interface, Data from Local System, Data Staged, Input Capture, Modify Existing Service, Modify Registry, New Service, Obfuscated Files or Information, Process Injection, Registry Run Keys / Startup Folder, Remote File Copy, Rootkit, Standard Cryptographic Protocol, Uncommonly Used Port

References

Haq, T., Moran, N., Scott, M., & Vashisht, S. O. (2014, September 10). The Path to Mass-Producing Cyber Attacks [Blog]. Retrieved November 12, 2014.