
Aurora: a rising stealer flying under the radar

An investigation by security firm SEKOIA.IO into the activity of Aurora botnets has found that the malware is being used by a growing number of teams of cybercrime experts.


ATT&CK IDs: T1566 - Phishing, T1005 - Data from Local System, T1012 - Query Registry, T1027 - Obfuscated Files or Information, T1041 - Exfiltration Over C2 Channel, T1047 - Windows Management Instrumentation, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1105 - Ingress Tool Transfer, T1113 - Screen Capture, T1119 - Automated Collection, T1140 - Deobfuscate/Decode Files or Information, T1539 - Steal Web Session Cookie, T1555 - Credentials from Password Stores, T1571 - Non-Standard Port, T1614 - System Location Discovery
