Unlike Its Namesake, Aoqin Dragon Isn’t Mythical | WhoisXML API



Aoqin Dragon may not be as elusive as it seems. Despite the group evading discovery for almost a decade [1], cybersecurity researchers have shed some light on the advanced persistent threat (APT) group’s inner workings.

Using published indicators of compromise (IoCs) [2] as jump-off points, we discovered previously unknown connections among them, which could point to more of the group’s infrastructure:

  • 10+ additional IP addresses to which the domain IoCs resolved, one of which turned out to be malicious
  • 30+ unredacted registrant email addresses from the domain IoCs’ historical WHOIS records that revealed connections between a majority of the IoCs (IP addresses and domains alike)
  • 20+ additional domains that shared IP hosts with some of the domain IoCs (hinting that those hosts are dedicated to the group) or shared their past and current registrant email addresses

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] Threatpost, “APT Flew Under Radar for a Decade,” https://threatpost.com/apt-flew-under-radar-decade/179995/
  • [2] G-Soft, Aoqin Dragon IoC listing, https://g-soft.info/security/2668/2668/