Malware

AuKill

aka SophosKill

AuKill, also known as SophosKill, is a Windows malware family.

Background

Sophos reports that AuKill exploits an outdated driver shipped with version 16.32 of Microsoft's Process Explorer utility to shut down EDR processes before dropping either a backdoor or ransomware onto the targeted system.


Source: Malpedia (Fraunhofer FKIE).