
Threat Group Cards: A Threat Actor Encyclopedia

Tool: Auriga

Names: Auriga, Riodrv
Category: Malware
Type: Backdoor, Keylogger
Description: The AURIGA malware family shares a large amount of functionality with the BANGAT backdoor. The family contains functionality for keystroke logging, creating and killing processes, performing file system and registry modifications, spawning interactive command shells, performing process injection, and logging off the current user or shutting down the local machine. AURIGA contains a driver component that is used to inject the malware DLL into other processes; this driver can also hide processes and IP connections. The malware creates a copy of cmd.exe to perform its C2 activity and replaces the 'Microsoft corp' strings in the cmd.exe binary with different values. The family typically maintains persistence by installing itself as a service.
Information:
<https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf>
<http://contagiodump.blogspot.com/2013/03/mandiant-apt1-samples-categorized-by.html>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.auriga>

Last change to this tool card: 22 April 2020


All groups using tool Auriga

Changed | Name | Country | Observed

APT groups

X | Comment Crew, APT 1 | China | 2006-May 2018

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
