From 963cd23b1ffb5caa14a3c3d1a9a9dfb6cabfed9c Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Mon, 1 Aug 2016 16:39:08 +0200
Subject: [PATCH] DragonOK added

---
 elements/adversary-groups.json | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/elements/adversary-groups.json b/elements/adversary-groups.json
index 225aae1..0de1143 100644
--- a/elements/adversary-groups.json
+++ b/elements/adversary-groups.json
@@ -880,6 +880,12 @@
        "group": "Poseidon Group",
        "description": "Poseidon Group is a Portuguese-speaking threat group that has been active since at least 2005. The group has a history of using information exfiltrated from victims to blackmail victim companies into contracting the Poseidon Group as a security firm.",
        "refs": ["https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/","https://attack.mitre.org/wiki/Groups"]
+     },
+     {
+       "group": "DragonOK",
+       "description": "Threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, DragonOK is thought to have a direct or indirect relationship with the threat group Moafee. 2223 It is known to use a variety of malware, including Sysget/HelloBridge, PlugX, PoisonIvy, FormerFirstRat, NFlog, and NewCT.",
+       "country": "CN",
+       "refs": ["https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf", "https://attack.mitre.org/wiki/Groups"]
      }
   ]
 }