Aukill

Malware updated a month ago (2024-11-29T14:07:23.993Z)
Download STIX
Preview STIX
AuKill, a malicious software (malware) developed by the notorious cybercrime collective FIN7, has been identified as a significant threat to endpoint security. The malware was designed to exploit a vulnerable version of a driver for Microsoft's Process Explorer utility, thereby disabling endpoint protection products. This tool was first reported in April 2023 when it was used in multiple attacks attempting to deploy Medusa Locker and LockBit ransomware. AuKill, also known as AvNeutralizer, was exclusively used by a single group for six months, targeting various endpoint security solutions. The development of AuKill began in April 2022 by FIN7, a largely Russian-Ukrainian operation that has been carrying out financially motivated cyber campaigns across industries since 2012. This tool has the ability to bypass security solutions, and its new feature specifically targets the protected processes run by Endpoint Detection and Response (EDR) solutions. In July 2023, Sophos behavioral rules were triggered by activity from a driver for another company's security product, indicating that sometimes vulnerable drivers can be detected before exploitation. In recent times, AuKill has seen a surge in usage and is becoming increasingly popular among high-level ransomware groups. It was discovered being sold commercially on the Dark Web by Sophos X-Ops, indicating its widespread availability to cybercriminals. A report from SentinelOne further highlights the growing prevalence of AuKill, underscoring the need for continued vigilance and proactive measures to counter this evolving threat.
Description last updated: 2024-10-17T11:57:59.711Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Tool
Malware
Ransomware
Cybercrime
Sophos
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Lockbit Malware is associated with Aukill. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers orUnspecified
2
The Locker Ransomware Malware is associated with Aukill. Locker ransomware, a type of malware, poses significant risks to computer systems and data. Unlike crypto-ransomware which encrypts user data, locker ransomware locks users out of their devices entirely, demanding a ransom payment to restore access without any data encryption. This threat has evolveUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Medusa Threat Actor is associated with Aukill. Medusa, a threat actor group known for its malicious activities, has been increasingly involved in multiple high-profile cyber attacks. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability, the Citrix Bleed (CVE-2023-4966), leading to numerouUnspecified
2
The FIN7 Threat Actor is associated with Aukill. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global Unspecified
2
Source Document References
Information about the Aukill Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
DARKReading
4 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
DARKReading
5 months ago
CERT-EU
9 months ago
CERT-EU
9 months ago
CERT-EU
a year ago
CERT-EU
a year ago
DARKReading
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
Securityaffairs
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago