Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years

Event ID: 1515
UUID: abfb5a93-e695-4ee9-bc10-541290bcd663
Creator org: CUDESO
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): event is in unprotected mode
Tags: tlp:white
Date: 2022-06-21
Threat Level: High
Analysis: Completed
Distribution: All communities
Published: Yes (2022-08-17 17:21:04)
#Attributes: 245 (0 Objects)
First recorded change: 2022-06-21 19:14:48
Last change: 2022-06-21 19:24:59
Sightings: 0 (0) – restricted to own organisation only


Related Events

  •  2015-06-11  CthulhuSPRL.be: OSINT Evilgrab Delivered by Watering Hole Attack on President of Myanmar's Website by Palo Alto Unit 42 (1)


Galaxies

Sector 

  •  Education   
  •  Government, Administration   
  •  Telecoms   

Country 

  •  australia   

Attack Pattern 

  •  System Information Discovery – T1082   
  •  Boot or Logon Autostart Execution – T1547   
  •  System Owner/User Discovery – T1033   
  •  Process Injection – T1055   
  •  Phishing – T1566   
  •  Dynamic-link Library Injection – T1055.001   
  •  Web Protocols – T1071.001   
  •  DNS – T1071.004   
  •  Replication Through Removable Media – T1091   
  •  Data Encoding – T1132   
  •  User Execution – T1204   
  •  Exploitation for Defense Evasion – T1211   
  •  Archive Collected Data – T1560   
  •  System Services – T1569   
  •  Non-Standard Port – T1571   

Enterprise Attack – Attack Pattern 

  •  Obfuscated Files or Information – T1027   
  •  Process Injection – T1055   


Attributes

All attributes below were added on 2022-06-21, carry distribution "Inherit" and have no sightings (0/0/0). The Org, Tags and Galaxies columns are empty in this export. The comment column distinguishes the Modified Heyoka infrastructure from the Mongall C2 domains.

Category          | Type     | Value                                                                                                                              | Comment
------------------|----------|------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------
External analysis | link     | https://www.sentinelone.com/labs/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly-spying-on-organizations-for-10-years/ |
Network activity  | hostname | test.facebookmap.top                                                                                                               | Modified Heyoka C2 Server: Domain
Network activity  | hostname | dns.foodforthought1.com                                                                                                            | Modified Heyoka C2 Server: Domain
Network activity  | hostname | cvb.hotcup.pw                                                                                                                      | Modified Heyoka C2 Server: Domain
Network activity  | ip-dst   | 45.77.11.148                                                                                                                       | Modified Heyoka C2 Server: IP Address
Network activity  | hostname | mail.comnnet.net                                                                                                                   | Mongall C2 Servers: Domains
Network activity  | hostname | hello.bluesky1234.com                                                                                                              | Mongall C2 Servers: Domains
Network activity  | hostname | ipad.vnptnet.info                                                                                                                  | Mongall C2 Servers: Domains
Network activity  | hostname | lepad.fushing.org                                                                                                                  | Mongall C2 Servers: Domains
Network activity  | hostname | lllyyy.adsoft.name                                                                                                                 | Mongall C2 Servers: Domains
Network activity  | hostname | lucky.manlish.net                                                                                                                  | Mongall C2 Servers: Domains
Network activity  | hostname | ma550.adsoft.name                                                                                                                  | Mongall C2 Servers: Domains
Network activity  | hostname | ma550.softad.net                                                                                                                   | Mongall C2 Servers: Domains
Network activity  | hostname | mass.longvn.net                                                                                                                    | Mongall C2 Servers: Domains
Network activity  | hostname | mail.tiger1234.com                                                                                                                 | Mongall C2 Servers: Domains
Network activity  | hostname | mail.vdcvn.com                                                                                                                     | Mongall C2 Servers: Domains
Network activity  | hostname | flower2.yyppmm.com                                                                                                                 | Mongall C2 Servers: Domains
Network activity  | hostname | mcafee.bluesky1234.com                                                                                                             | Mongall C2 Servers: Domains
Network activity  | hostname | media.vietnamflash.com                                                                                                             | Mongall C2 Servers: Domains
Network activity  | hostname | mil.dungk.com                                                                                                                      | Mongall C2 Servers: Domains
Network activity  | hostname | mil.zdungk.com                                                                                                                     | Mongall C2 Servers: Domains
Network activity  | hostname | mmchj2.telorg.net                                                                                                                  | Mongall C2 Servers: Domains
Network activity  | hostname | game.vietnamflash.com                                                                                                              | Mongall C2 Servers: Domains
Network activity  | domain   | facebookmap.top                                                                                                                    | Mongall C2 Servers: Domains
Network activity  | hostname | fbcl2.softad.net                                                                                                                   | Mongall C2 Servers: Domains
Network activity  | domain   | bush2015.net                                                                                                                       | Mongall C2 Servers: Domains
Network activity  | hostname | back.satunusa.org                                                                                                                  | Mongall C2 Servers: Domains
Network activity  | hostname | baomoi.vnptnet.info                                                                                                                | Mongall C2 Servers: Domains
Network activity  | hostname | bbw.fushing.org                                                                                                                    | Mongall C2 Servers: Domains
Network activity  | hostname | bca.zdungk.com                                                                                                                     | Mongall C2 Servers: Domains
Network activity  | hostname | bkav.manlish.net                                                                                                                   | Mongall C2 Servers: Domains
Network activity  | hostname | bkav.welikejack.com                                                                                                                | Mongall C2 Servers: Domains
Network activity  | hostname | bkavonline.vnptnet.info                                                                                                            | Mongall C2 Servers: Domains
Network activity  | hostname | cl.weststations.com                                                                                                                | Mongall C2 Servers: Domains
Network activity  | hostname | fbcl2.adsoft.name                                                                                                                  | Mongall C2 Servers: Domains
Network activity  | domain   | cloundvietnam.com                                                                                                                  | Mongall C2 Servers: Domains
Network activity  | hostname | dns.lioncity.top                                                                                                                   | Mongall C2 Servers: Domains
Network activity  | hostname | dns.satunusa.org                                                                                                                   | Mongall C2 Servers: Domains
Network activity  | hostname | dns.zdungk.com                                                                                                                     | Mongall C2 Servers: Domains
Network activity  | hostname | ds.vdcvn.com                                                                                                                       | Mongall C2 Servers: Domains
Network activity  | hostname | ds.xrayccc.top                                                                                                                     | Mongall C2 Servers: Domains
Network activity  | hostname | mobile.vdcvn.com                                                                                                                   | Mongall C2 Servers: Domains
Network activity  | hostname | mmslsh.tiger1234.com                                                                                                               | Mongall C2 Servers: Domains (related event: 89)
Network activity  | hostname | ks.manlish.net                                                                                                                     | Mongall C2 Servers: Domains
Network activity  | hostname | moit.longvn.net                                                                                                                    | Mongall C2 Servers: Domains
Network activity  | hostname | vnn.phung123.com                                                                                                                   | Mongall C2 Servers: Domains
Network activity  | hostname | video.philstar2.com                                                                                                                | Mongall C2 Servers: Domains
Network activity  | hostname | viet.vnptnet.info                                                                                                                  | Mongall C2 Servers: Domains
Network activity  | hostname | viet.zdungk.com                                                                                                                    | Mongall C2 Servers: Domains
Network activity  | hostname | vietnam.vnptnet.info                                                                                                               | Mongall C2 Servers: Domains
Network activity  | domain   | vietnamflash.com                                                                                                                   | Mongall C2 Servers: Domains
Network activity  | hostname | vnet.fushing.org                                                                                                                   | Mongall C2 Servers: Domains
Network activity  | hostname | vnn.bush2015.net                                                                                                                   | Mongall C2 Servers: Domains
Network activity  | hostname | webmail.philstar2.com                                                                                                              | Mongall C2 Servers: Domains
Network activity  | hostname | thy3.softad.net                                                                                                                    | Mongall C2 Servers: Domains
Network activity  | hostname | www.bush2015.net                                                                                                                   | Mongall C2 Servers: Domains
Network activity  | hostname | yok.fushing.org                                                                                                                    | Mongall C2 Servers: Domains
Network activity  | hostname | yote.dellyou.com                                                                                                                   | Mongall C2 Servers: Domains
Network activity  | hostname | zing.vietnamflash.com                                                                                                              | Mongall C2 Servers: Domains
Network activity  | hostname | zingme.dungk.com                                                                                                                   | Mongall C2 Servers: Domains
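The table mixes three MISP attribute types that need different matching rules: a hostname attribute names one specific host and should match exactly, a domain attribute (facebookmap.top, bush2015.net, cloundvietnam.com, vietnamflash.com) covers every label beneath the registered domain, and an ip-dst attribute should be checked against resolved answers rather than query names. The script below is an added example, not part of this event or of the SentinelOne report: it takes a subset of the indicators above and runs them over a constructed resolver log in a hypothetical "client= query= type= answer=" layout, applying the right rule for each type.

```python
"""Match DNS resolver logs against the C2 indicators listed in this event.

Added example, not part of the MISP event or of SentinelOne's report. The log
format below is hypothetical; the indicator values are copied from the event's
attribute table.
"""
import re
from dataclasses import dataclass
from typing import Optional

# MISP 'hostname' attributes name one specific host and should match exactly;
# 'domain' attributes name a registered domain and cover every label beneath it.
HOSTNAMES = {
    "test.facebookmap.top", "dns.foodforthought1.com", "cvb.hotcup.pw",
    "mail.comnnet.net", "hello.bluesky1234.com", "ipad.vnptnet.info",
    "mmslsh.tiger1234.com", "webmail.philstar2.com", "zingme.dungk.com",
}
DOMAINS = {"facebookmap.top", "bush2015.net", "cloundvietnam.com", "vietnamflash.com"}
IPS = {"45.77.11.148"}  # ip-dst attribute (Modified Heyoka C2)


@dataclass(frozen=True)
class Hit:
    line_no: int
    client: str
    indicator: str
    attribute_type: str  # hostname | domain | ip-dst, as in the MISP table


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot a resolver log may carry."""
    return name.strip().rstrip(".").lower()


def match_name(qname: str) -> Optional[tuple]:
    """Return (indicator, attribute_type) for a matching query name, else None."""
    q = normalize(qname)
    if q in HOSTNAMES:
        return q, "hostname"
    labels = q.split(".")
    # Walk up the hierarchy so cdn.facebookmap.top matches the 'domain'
    # indicator facebookmap.top, while notfacebookmap.top does not.
    for i in range(len(labels) - 1):
        parent = ".".join(labels[i:])
        if parent in DOMAINS:
            return parent, "domain"
    return None


# Hypothetical resolver log line layout (constructed for this example):
#   <timestamp> client=<ip> query=<qname> type=<rrtype> answer=<ip|NXDOMAIN>
LOG_RE = re.compile(r"client=(\S+)\s+query=(\S+)\s+type=\S+\s+answer=(\S+)")


def scan_log(lines) -> list:
    """Return a Hit for every line whose query name or answer hits an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        client, qname, answer = m.groups()
        found = match_name(qname)
        if found:
            hits.append(Hit(n, client, found[0], found[1]))
        elif answer in IPS:
            # A benign-looking name resolving to a known C2 address is still a hit.
            hits.append(Hit(n, client, answer, "ip-dst"))
    return hits


# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    "2022-06-21T10:00:01Z client=10.1.2.3 query=www.example.com. type=A answer=93.184.216.34",
    "2022-06-21T10:00:02Z client=10.1.2.3 query=test.facebookmap.top type=A answer=NXDOMAIN",
    "2022-06-21T10:00:03Z client=10.1.2.9 query=cdn.facebookmap.top type=A answer=NXDOMAIN",
    "2022-06-21T10:00:04Z client=10.1.2.9 query=MAIL.COMNNET.NET. type=AAAA answer=NXDOMAIN",
    "2022-06-21T10:00:05Z client=10.1.5.5 query=update.vendor.example type=A answer=45.77.11.148",
    "2022-06-21T10:00:06Z client=10.1.5.5 query=notfacebookmap.top type=A answer=203.0.113.7",
]


def main() -> None:
    for h in scan_log(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.client} -> {h.indicator} ({h.attribute_type})")


if __name__ == "__main__":
    main()
```

Running it reports four hits: the exact hostname test.facebookmap.top, the unlisted subdomain cdn.facebookmap.top caught through the domain attribute, an upper-cased query for mail.comnnet.net with a trailing dot, and a harmless-looking name that resolved to the Heyoka ip-dst 45.77.11.148. The look-alike notfacebookmap.top is not flagged, which is the reason the domain rule walks label boundaries instead of doing a substring search. NXDOMAIN answers are still reported, because a query for sinkholed or expired C2 infrastructure is itself evidence of an implant beaconing.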