Malware: AuTo Stealer

Description

[AuTo Stealer](https://attack.mitre.org/software/S1029) is malware written in C++ has been used by [SideCopy](https://attack.mitre.org/groups/G1008) since at least December 2021 to target government agencies and personnel in India and Afghanistan.(Citation: MalwareBytes SideCopy Dec 2021)

External References

• mitre-attack
• MalwareBytes SideCopy Dec 2021

Techniques Used by This Malware

• T1005 — Data from Local System
• T1033 — System Owner/User Discovery
• T1041 — Exfiltration Over C2 Channel
• T1059.003 — Windows Command Shell
• T1071.001 — Web Protocols
• T1074.001 — Local Data Staging
• T1082 — System Information Discovery
• T1095 — Non-Application Layer Protocol
• T1518.001 — Security Software Discovery
• T1547.001 — Registry Run Keys / Startup Folder

APT Groups Using This Malware

• SideCopy