Threat intelligence API Docs Pricing Solutions Resources Contact us

Threat reports

Read other reports

Potential Traces of Aurora Spread Via Windows Security Update Malvertisements in the DNS

Aurora first made news headlines in December 2022 when it was used as the final payload for fake software installer campaigns.1 It recently resurfaced, now being spread via malvertisements that redirected users to a supposed Windows security update page. Should their download finish, they end up with Aurora-infected computers.2

Malwarebytes Labs identified 23 indicators of compromise (IoCs), which we subjected to an expansion analysis that found:

  • Nearly 600 domains that shared the IoCs’ IP hosts, two of which turned out to be malicious
  • 60 domains that contained strings also found among the IoCs
  • 160+ subdomains that ended with login.php akin to the data stealer’s control panel address, two of which turned out to be malware hosts

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1]
  • [2]
Read other reports
To download the full report in PDF, please fill in the form.
I have read and agree to the Terms of Service and Privacy Policy
Please keep me updated on news, events, and offers.

Try our Threat Intelligence API for free

Get FREE trial
Have questions?

We work hard to improve our services for you. As part of that, we welcome your feedback, questions and suggestions. Please let us know your thoughts and feelings, and any way in which you think we can improve our product.

For a quick response, please select the request type that best suits your needs.

Or shoot us an email to

Threat Intelligence Platform uses cookies to provide you with the best user experience on our website. They also help us understand how our site is being used. Find out more here. By continuing to use our site you consent to the use of cookies.