Unlike Its Namesake, Aoqin Dragon Isn’t Mythical | WhoisXML API


Aoqin Dragon may not be as elusive as it seems. Despite evading discovery for almost a decade [1], the advanced persistent threat (APT) group has had some of its inner workings exposed by cybersecurity researchers.

Using the published indicators of compromise (IoCs) [2] as jump-off points, we discovered previously unknown connections among them that could point to the group’s infrastructure:

  • 10+ additional IP addresses to which the domain IoCs resolved, one of which turned out to be malicious
  • 30+ unredacted registrant email addresses from the domain IoCs’ historical WHOIS records that revealed connections between a majority of the IoCs (IP addresses and domains alike)
  • 20+ additional domains that shared either IP hosts with some of the domain IoCs (hinting that those hosts are dedicated) or past and current registrant email addresses with them
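A simplified version of the pivoting described above (resolve seed IoCs to IPs, pull registrant emails from historical WHOIS, then collect domains that share likely-dedicated IP hosts or registrant emails), added here as an illustration and not code from the WhoisXML API research. All domains, IPs and email addresses below are constructed placeholders, and the "likely dedicated" threshold is an assumed heuristic:

```python
from collections import defaultdict

# Constructed sample data: two seed domain IoCs plus offline passive-DNS and
# historical-WHOIS records. All names, IPs and emails are placeholders.
SEED_DOMAINS = {"seed-a.example", "seed-b.example"}

DNS_RECORDS = [  # (domain, ip) resolutions, constructed
    ("seed-a.example", "192.0.2.10"), ("seed-a.example", "192.0.2.11"),
    ("seed-b.example", "192.0.2.11"), ("seed-b.example", "198.51.100.5"),
    ("seed-b.example", "203.0.113.9"),  # a busy shared-hosting IP
    ("other-1.example", "192.0.2.10"), ("other-2.example", "198.51.100.5"),
    ("shared-1.example", "203.0.113.9"), ("shared-2.example", "203.0.113.9"),
    ("shared-3.example", "203.0.113.9"), ("shared-4.example", "203.0.113.9"),
    ("unrelated.example", "203.0.113.77"),
]

WHOIS_RECORDS = [  # (domain, registrant email) from historical WHOIS, constructed
    ("seed-a.example", "reg1@mail.example"), ("seed-b.example", "reg1@mail.example"),
    ("other-3.example", "reg1@mail.example"), ("other-1.example", "reg2@mail.example"),
    ("unrelated.example", "reg9@mail.example"),
]

def pivot(seeds, dns_records, whois_records, max_cohosted=3):
    """Expand seed domains into related IPs, registrant emails and domains.
    IPs hosting at most `max_cohosted` domains count as likely dedicated; only
    those pull in new domains, so shared hosting does not flood the result."""
    ips_of, domains_on = defaultdict(set), defaultdict(set)
    for domain, ip in dns_records:
        ips_of[domain].add(ip)
        domains_on[ip].add(domain)
    emails_of, domains_by = defaultdict(set), defaultdict(set)
    for domain, email in whois_records:
        emails_of[domain].add(email)
        domains_by[email].add(domain)

    seed_ips = set().union(*(ips_of[d] for d in seeds))
    dedicated_ips = {ip for ip in seed_ips if len(domains_on[ip]) <= max_cohosted}
    ip_linked = set().union(*(domains_on[ip] for ip in dedicated_ips)) - seeds

    seed_emails = set().union(*(emails_of[d] for d in seeds))
    # Emails appearing on more than one seed tie those IoCs to one registrant
    shared_emails = {e for e in seed_emails if len(domains_by[e] & seeds) > 1}
    email_linked = set().union(*(domains_by[e] for e in seed_emails)) - seeds

    return {
        "ips": seed_ips, "dedicated_ips": dedicated_ips,
        "ip_linked_domains": ip_linked, "emails": seed_emails,
        "shared_emails": shared_emails, "email_linked_domains": email_linked,
    }
```

Every pivoted domain is a candidate for review, not a confirmed IoC; the shared-hosting IP in the sample shows why co-hosting alone is weak evidence.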

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://threatpost.com/apt-flew-under-radar-decade/179995/
  • [2] https://g-soft.info/security/2668/2668/