Night Dragon

Night Dragon is a campaign name for activity involving a threat group that has conducted activity originating primarily in China. [1] The activity from this group is also known as Musical Chairs. [2]

ID: G0014
Aliases: Night Dragon, Musical Chairs
Version: 1.0

Alias Descriptions

| Name | Description |
|---|---|
| Night Dragon | [1] |
| Musical Chairs | [2] |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| PRE-ATT&CK | T1307 | Acquire and/or use 3rd party infrastructure services | Night Dragon used servers in China, the U.S., and the Netherlands in an attempt to hide their operations.[1] |
| PRE-ATT&CK | T1308 | Acquire and/or use 3rd party software services | Night Dragon used third party hosting services in the U.S. in an attempt to hide their operations.[1] |
| PRE-ATT&CK | T1351 | Remote access tool development | Night Dragon used privately developed and customized remote access tools.[1] |
| Enterprise | T1045 | Software Packing | Night Dragon is known to use software packing in its tools.[1] |

Software

| ID | Name | Techniques |
|---|---|---|
| S0032 | gh0st | Command-Line Interface, DLL Side-Loading, File Deletion, Indicator Removal on Host, Input Capture, Process Discovery, Rundll32 |

References