
Moafee

Moafee is a threat group that appears to operate from the Guangdong Province of China. Due to overlapping TTPs, including similar custom tools, Moafee is thought to have a direct or indirect relationship with the threat group DragonOK. [1]

ID: G0002
Aliases: Moafee
Version: 1.0

Alias Descriptions

| Name | Description |
|---|---|
| Moafee | [1] |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1009 | Binary Padding | Moafee has been known to employ binary padding.[1] |

Software

| ID | Name | Techniques |
|---|---|---|
| S0012 | PoisonIvy | Application Window Discovery, Command-Line Interface, Data from Local System, Data Staged, Input Capture, Modify Existing Service, Modify Registry, New Service, Obfuscated Files or Information, Process Injection, Registry Run Keys / Startup Folder, Remote File Copy, Rootkit, Standard Cryptographic Protocol, Uncommonly Used Port |

References