ETDA ThaiCERT

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Moafee

Names: Moafee (FireEye)
Country: China
Motivation: Information theft and espionage
First seen: 2014
Description: Moafee is a threat group that appears to operate from the Guangdong Province of China. Due to overlapping TTPs, including similar custom tools, Moafee is thought to have a direct or indirect relationship with the threat group DragonOK.

(FireEye) The attack group “Moafee” (named after their command and control infrastructure) appears to operate out of the Guangdong province in China and is known to target the governments and military organizations of countries with national interests in the South China Sea. The seas in this region have multiple claims of sovereignty and hold high significance, as it is the second busiest sea-lane in the world and are known to be rich in resources such as rare earth metals, crude oil, and natural gas. We have also observed the Moafee group target organizations within the US defense industrial base.
Observed sectors: Defense, Government.
Observed countries: USA and “countries with national interests in the South China Sea”.
Tools used: HTran, Mongall, NewCT2, NFlog, Poison Ivy.
Information: <https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf>
MITRE ATT&CK: <https://attack.mitre.org/groups/G0002/>

Last change to this card: 22 April 2020


Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
