diff --git a/clusters/tool.json b/clusters/tool.json
index 37f2be47..c1c20caf 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -3746,6 +3746,21 @@
 ]
 },
 "uuid": "5f4be30a-2373-11e8-bbab-774ff49fd040"
+ },
+ {
+ "value": "Aurora",
+ "description": "You probably have heard the recent news about a widespread attack that was carried out using a 0-Day exploit for Internet Explorer as one of the vectors. This exploit is also known as the \"Aurora Exploit\". The code has recently gone public and it was also added to the Metasploit framework.\nThis exploit was used to deliver a malicious payload, known by the name of Trojan.Hydraq, the main purpose of which was to steal information from the compromised computer and report it back to the attackers.\nThe exploit code makes use of known techniques to exploit a vulnerability that exists in the way Internet Explorer handles a deleted object. The final purpose of the exploit itself is to access an object that was previously deleted, causing the code to reference a memory location over which the attacker has control and in which the attacker dropped his malicious code.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/connect/blogs/trojanhydraq-incident-analysis-aurora-0-day-exploit",
+ "https://www.symantec.com/connect/blogs/hydraq-aurora-attackers-back",
+ "https://www.symantec.com/connect/blogs/hydraq-attack-mythical-proportions"
+ ],
+ "synonyms":[
+ "Hydraq"
+ ]
+ },
+ "uuid": "70c31066-237a-11e8-8eff-37ef1ad0c703"
 }
 ]
 }
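Review bot: The `description` added for `Aurora` is blog text pasted verbatim ("You probably have heard the recent news…", "has recently gone public"), so it reads as undated, relative commentary, and it covers two different things: the Internet Explorer exploit and the Trojan.Hydraq payload it delivered. With `Hydraq` listed under `synonyms`, a consumer that matches on synonyms may tag the exploit and the trojan as one tool, which blurs detections and reporting built on this cluster. Consider a neutral description that says which of the two the entry represents, for example `"description": "Trojan.Hydraq, the information-stealing payload delivered through the Internet Explorer 0-day known as the Aurora exploit."`, and name the vulnerability by its CVE identifier so the entry can be correlated with patch data. Minor style point: `"synonyms":[` lacks the space after the colon that `"refs": [` uses.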