Is Aurora as Stealthy as Its Operators Believe? | WhoisXML API

Aurora, the new kid on the data-stealing block, is fast becoming a cybercriminal favorite due to its ability to fly under the radar.[1]

SEKOIA.IO researchers have published 51 indicators of compromise (IoCs) for Aurora so far.[2] We performed an IoC expansion exercise on the 28 IP addresses and eight domains among them in search of digital breadcrumbs.

Our deep dive uncovered:

  • An unredacted registrant email address in one of the IoCs’ WHOIS records
  • Four additional IP addresses to which some of the domains identified as IoCs resolved
  • 900+ more domains that resolved to some of the IoCs’ IP hosts, 40+ of which turned out to be malicious
  • 2,200+ additional domains that shared unique strings found among the IoCs, seven of which were categorized as malware hosts
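The four pivots behind those findings (WHOIS registrant email, extra IPs for IoC domains, co-hosted domains on IoC IPs, and shared distinctive strings), as an added Python example that is not the report's or WhoisXML API's code. Every seed indicator, passive-DNS row, WHOIS record and the malware-host feed below is a constructed placeholder, not a real Aurora indicator.

```python
import re
from collections import defaultdict

# Constructed seed IoCs standing in for the report's 8 domains / 28 IPs
# (RFC 2606 names, RFC 5737 addresses; not real Aurora indicators).
SEED_DOMAINS = {"aur0ra-panel.example", "stealer-cdn.example"}
SEED_IPS = {"198.51.100.10", "198.51.100.11"}

# Constructed passive-DNS snapshot: domain -> IPs it resolved to.
PASSIVE_DNS = {
    "aur0ra-panel.example": {"198.51.100.10", "203.0.113.5"},
    "stealer-cdn.example": {"198.51.100.11"},
    "aur0ra-update.example": {"198.51.100.10"},
    "totally-benign.example": {"198.51.100.11"},
    "news-site.example": {"203.0.113.99"},
}
# Constructed WHOIS registrant emails and a constructed malware-host feed.
WHOIS_EMAIL = {"aur0ra-panel.example": "registrant@mail.example",
               "aur0ra-update.example": "registrant@mail.example",
               "news-site.example": "REDACTED FOR PRIVACY"}
MALICIOUS = {"aur0ra-update.example"}

def reverse_index(pdns):
    """Invert domain -> IPs into IP -> domains for reverse-IP pivots."""
    idx = defaultdict(set)
    for domain, ips in pdns.items():
        for ip in ips:
            idx[ip].add(domain)
    return idx

def shared_strings(domains, min_len=5):
    """Distinctive label tokens (>= min_len chars) taken from seed domains."""
    toks = set()
    for d in domains:
        for label in d.split(".")[:-1]:
            toks.update(t for t in re.split(r"[-_]", label) if len(t) >= min_len)
    return toks

def expand(seed_domains, seed_ips, pdns, whois, malicious):
    """Run the four pivots the report describes and return each result set."""
    rev = reverse_index(pdns)
    extra_ips = set().union(*(pdns.get(d, set()) for d in seed_domains)) - seed_ips
    cohosted = set().union(*(rev[ip] for ip in seed_ips)) - seed_domains
    emails = {whois[d] for d in seed_domains if d in whois} - {"REDACTED FOR PRIVACY"}
    by_whois = {d for d, e in whois.items() if e in emails} - seed_domains
    toks = shared_strings(seed_domains)
    by_string = {d for d in pdns if any(t in d for t in toks)} - seed_domains
    candidates = cohosted | by_whois | by_string
    return {"extra_ips": extra_ips, "cohosted": cohosted, "by_whois": by_whois,
            "by_string": by_string, "malicious": candidates & malicious}
```

Note that co-hosting alone pulls in the benign neighbour too, which is why the report cross-checks expansion results against a malware categorization before calling them malicious.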

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://blog.sekoia.io/aurora-a-rising-stealer-flying-under-the-radar/
  • [2] https://github.com/SEKOIA-IO/Community/blob/main/IOCs/aurora/aurora_iocs_20221121.csv