Moafee, Group G0002 | MITRE ATT&CK®
Moafee is a threat group that appears to operate from the Guangdong Province of China. Due to overlapping TTPs, including similar custom tools, Moafee is thought to have a direct or indirect relationship with the threat group DragonOK. [1]
ID: G0002
Version: 1.1
Created: 31 May 2017
Last Modified: 25 April 2025
Techniques Used
Domain | ID | Name | Use
Enterprise | T1027.001 | Obfuscated Files or Information: Binary Padding | Moafee has been known to employ binary padding. [1]
Software
ID | Name | References | Techniques
S0012 | PoisonIvy | [1] | Application Window Discovery; Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder; Boot or Logon Autostart Execution: Active Setup; Command and Scripting Interpreter: Windows Command Shell; Create or Modify System Process: Windows Service; Data from Local System; Data Staged: Local Data Staging; Encrypted Channel: Symmetric Cryptography; Execution Guardrails: Mutual Exclusion; Ingress Tool Transfer; Input Capture: Keylogging; Modify Registry; Obfuscated Files or Information; Process Injection: Dynamic-link Library Injection; Rootkit
References
[1] Haq, T., Moran, N., Scott, M., & Vashisht, S. O. (2014, September 10). The Path to Mass-Producing Cyber Attacks [Blog]. Retrieved November 12, 2014.