Aukill

Malware updated 17 hours ago (2024-10-17T12:01:06.807Z)
AuKill is a malicious tool developed by the cybercrime group FIN7 and has been identified as a significant threat to endpoint security. It abuses a vulnerable version of the driver shipped with Microsoft's Process Explorer utility in order to disable endpoint protection products. The tool was first reported in April 2023, when it was used in multiple attacks that attempted to deploy Medusa Locker and LockBit ransomware. AuKill, also known as AvNeutralizer, was used exclusively by a single group for six months against a range of endpoint security solutions.

FIN7 began developing AuKill in April 2022. FIN7 is a largely Russian-Ukrainian operation that has run financially motivated campaigns across industries since 2012. AuKill can bypass security solutions, and a newer feature specifically targets the protected processes run by Endpoint Detection and Response (EDR) solutions. In July 2023, Sophos behavioral rules were triggered by activity from a driver belonging to another company's security product, showing that vulnerable drivers can sometimes be detected before they are exploited.

More recently, AuKill has seen a surge in use and is increasingly popular among high-level ransomware groups. Sophos X-Ops discovered it being sold commercially on the dark web, indicating that it is widely available to cybercriminals. A report from SentinelOne further highlights the growing prevalence of AuKill, underscoring the need for continued vigilance and proactive defensive measures against this evolving threat.
Description last updated: 2024-10-17T11:57:59.711Z
Aliases: none currently tracked

Miscellaneous associations (other elements of context that could aid in identifying relevance): Tool, Malware, Ransomware, Cybercrime, Sophos
Associated Malware
LockBit (association type: Unspecified; votes: 2)
The LockBit malware is associated with AuKill. LockBit is a notorious malware that operates on a ransomware-as-a-service model and has been responsible for significant cyber attacks across the globe. One of its most high-profile targets was Boeing, from whom the LockBit gang claimed to have stolen data. This incident not only disrupted operat…

Locker Ransomware (association type: Unspecified; votes: 2)
The Locker Ransomware malware is associated with AuKill. Locker ransomware, a type of malware, poses significant risks to computer systems and data. Unlike crypto-ransomware, which encrypts user data, locker ransomware locks users out of their devices entirely, demanding a ransom payment to restore access without any data encryption. This threat has evolve…
Associated Threat Actors
Medusa (association type: Unspecified; votes: 2)
The Medusa threat actor is associated with AuKill. Medusa, a prominent threat actor in the cybersecurity landscape, has been increasingly active with its ransomware attacks. The group made headlines in November 2023 when it leveraged a zero-day exploit for the Citrix Bleed vulnerability (CVE-2023-4966), leading to numerous compromises alongside othe…

FIN7 (association type: Unspecified; votes: 2)
The FIN7 threat actor is associated with AuKill. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global …
Source Document References
Information about the AuKill malware was read from the documents in the corpus below. This display is limited to 20 results.
Source (created)
DARKReading (2 months ago)
Securityaffairs (3 months ago)
Securityaffairs (3 months ago)
DARKReading (3 months ago)
CERT-EU (7 months ago)
CERT-EU (7 months ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
DARKReading (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
Securityaffairs (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)