Analysis of a newly discovered malware: Aurora Botnet 🌌

While monitoring Dark Web forums, SEKOIA.IO analysts discovered a new Golang botnet, advertised since April 2022 by its alleged developer as Aurora Botnet. Sold as a Malware-as-a-Service (MaaS), this multi-purpose botnet enables an attacker to steal sensitive data (passwords, cryptocurrency wallets, files), send commands to bots, download and execute additional payloads,and open HTTP proxies. We published a FLINT (Flash Intelligence Report) in which you can find exclusive details of the threat actor advertising Aurora, on our malware analysis and the botnet's involvement in ongoing dispute between illicit marketplaces struggling for the leadership. We also share some artefacts about the detection of Aurora within SEKOIA.IO XDR. ![changelog_flint_042.png](BASE/products/901462981/changelog/11939/inline-ef17426e325f5b19e76aba8da2b66a10.jpg) *Detection of Aurora malware on SEKOIA.IO XDR:* ![img_flint_aurora_fig9.png](BASE/products/901462981/changelog/11939/inline-5d8980783248aff665c8f674d4c077d9.jpg) Related Resources: * [FLINT 2022-042 - Aurora: a new Golang botnet in Wonderland]( * [Aurora malware page](