Unlike Its Namesake, Aoqin Dragon Isn’t Mythical
Aoqin Dragon may not be as foolproof as it seems. Although the advanced persistent threat (APT) group evaded discovery for almost a decade,[1] cybersecurity researchers have shed some light on its inner workings.
Using identified indicators of compromise (IoCs)[2] as jump-off points, we discovered previously unknown connections between them, which could point to the group’s infrastructure:
- 10+ additional IP addresses to which the domain IoCs resolved, one of which turned out to be malicious
- 30+ unredacted registrant email addresses from the domain IoCs’ historical WHOIS records that revealed connections between a majority of the IoCs (IP addresses and domains alike)
- 20+ additional domains that shared some of the domain IoCs’ IP hosts, hinting at their dedicated nature, as well as past and current registrant email addresses
- [1] https://threatpost.com/apt-flew-under-radar-decade/179995/
- [2] https://g-soft.info/security/2668/2668/