AvosLocker

Malware Profile Updated 10 days ago
AvosLocker is a family of malware, specifically ransomware, that has caused significant damage across the digital landscape. Ransomware is malicious software designed to exploit and damage computer systems; it typically enters through suspicious downloads, emails, or websites without the user's knowledge. Once embedded in a system, AvosLocker can disrupt operations, steal personal information, or hold data hostage for ransom. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have recently published an advisory on AvosLocker ransomware, issued because of the increasing prevalence and potential harm of this strain. The advisory aims to raise awareness among businesses and individuals of the risks associated with AvosLocker and to provide guidance on protecting against it. In addition to the FBI and CISA warnings, the cybersecurity firm SentinelOne has reported observing AvosLocker in a range of cyber attacks, found alongside other malicious payloads such as BlackCat and LockBit, which indicates a complex, multi-faceted threat. These observations underscore the importance of maintaining robust cybersecurity measures and staying informed about current threats such as AvosLocker.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Lockbit | 5 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
Hive | 4 | Hive is a malicious software, or malware, that infiltrates systems to exploit and damage them. This malware has been associated with Volt Typhoon, who exfiltrated NTDS.dit and SYSTEM registry hive to crack passwords offline. The Hive operation was primarily involved in port scanning, credential thef
Karakurt | 3 | Karakurt is a notorious malware and data extortion group, previously affiliated with ITG23, known for its sophisticated tactics, techniques, and procedures (TTPs). The group's operations involve stealing sensitive data from compromised systems and demanding ransoms ranging from $25,000 to a staggeri
Avoslocker Beacon | 1 | AvosLocker Beacon is a malicious software (malware) that has been identified as a significant threat to computer systems and networks. This malware operates by infiltrating systems through various methods, including suspicious downloads, emails, or websites, often without the user's knowledge. Once
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Lateral Move...
RaaS
Ransom
Antivirus
Extortion
Linux
Malware
Windows
Encryption
Rootkit
ESXi
Exploit
Vulnerability
Backdoor
RMM
CISA
FBI
Bitcoin
Exploits
T1059.003
Confluence
Data Leak
DDoS
Payload
LOTL
T1059.001
Apache
Tool
Infiltration
Web Shell
T1489
T1490
T1491
Crypter
ManageEngine
Ransomware P...
IIS
University
Encrypt
Outlook
Beacon
Firefox
Fraud
Associated Malware
ID | Type | Votes | Profile Description
Black Basta | Unspecified | 3 | Black Basta is a notorious malware entity known for its devastating ransomware attacks. First emerging in June 2022, the group has since been associated with a series of high-profile cyber-attacks worldwide. This malware, like others, infiltrates systems through suspicious downloads, emails, or webs
REvil | Unspecified | 2 | REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot
Cuba Ransomware | Unspecified | 2 | The Cuba ransomware is a malicious software that first appeared on cybersecurity radars in late 2020 under the name "Tropical Scorpius." It is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user's knowledge. Once insi
Conti | Unspecified | 2 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in
Abyss Locker | Unspecified | 1 | Abyss Locker is a formidable strain of malware, specifically ransomware, that has been observed targeting both Microsoft Windows and Linux platforms. This malicious software operates by infiltrating systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside
HELLOKITTY | Unspecified | 1 | HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat
Medusa Ransomware | Unspecified | 1 | Medusa ransomware is a malicious software designed to infiltrate systems, steal personal information, disrupt operations, and hold data hostage for ransom. It often enters systems through suspicious downloads, emails, or websites unbeknownst to the user. Once inside, it leaves a ransom note, demandi
Trigona | Unspecified | 1 | Trigona, a malware identified in 2022, emerged as a significant ransomware threat. This malicious software, designed to exploit and damage computer systems, infected devices through suspicious downloads, emails, or websites. The malware was particularly notorious for targeting Microsoft SQL servers,
MedusaLocker | Unspecified | 1 | MedusaLocker, first observed in September 2019, is a potent ransomware variant that primarily targets Windows machines through spam. This malware should not be confused with Medusa, a Ransomware-as-a-Service (RaaS) platform active since late 2022. MedusaLocker has been utilized by various ransomware
Clop | Unspecified | 1 | Clop is a notorious malware, short for malicious software, known for its disruptive and damaging effects on computer systems. It primarily infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Clop can steal personal information, disrupt o
Akira | Unspecified | 1 | Akira is a malicious software, or malware, specifically a type of ransomware known for its disruptive and damaging effects. First surfacing in late 2023, it has continued to wreak havoc on various entities, including corporations and industries. This ransomware infects systems through suspicious dow
NoEscape | Unspecified | 1 | NoEscape is a malicious software that emerged as a rebrand of 'Avaddon,' known for its successful multi-extortion tactics. In October 2023, the French basketball team ASVEL fell victim to a data breach orchestrated by the NoEscape ransomware gang. This incident was part of a broader trend in the las
Associated Threat Actors
ID | Type | Votes | Profile Description
Alphv | Unspecified | 4 | AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car
Blackmatter | Unspecified | 2 | BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention
Noberus | Unspecified | 1 | Noberus, also known as ALPHV or BlackCat, is a significant threat actor in the cybersecurity landscape. The group, which primarily operates a ransomware-as-a-service (RaaS) model, was the second most active ransomware group in April 2023, responsible for 14% of total observed victims. Originating fr
Blackbyte | Unspecified | 1 | BlackByte, a threat actor known for its malicious activities, has been on the radar of cybersecurity agencies since its emergence in July 2021. Notorious for targeting critical infrastructure, BlackByte attracted the attention of the Federal Bureau of Investigation (FBI) and the US Secret Service (U
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2021-27878 | Unspecified | 1 | None
CVE-2021-27876 | Unspecified | 1 | None
CVE-2022-26522 | Unspecified | 1 | None
Log4Shell | Unspecified | 1 | Log4Shell is a software vulnerability, specifically a flaw in the design or implementation of the popular Java logging library, Log4j. Identified as CVE-2021-44228, this vulnerability allows an attacker to remotely execute arbitrary code, often leading to full system compromise. Advanced Persistent
CVE-2021-27877 | Unspecified | 1 | None
CVE-2022-26523 | Unspecified | 1 | None
CVE-2021-45046 | Unspecified | 1 | None
CVE-2021-45105 | Unspecified | 1 | None
Source Document References
Information about the AvosLocker malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
Securityaffairs | 5 days ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 6 days ago | FIN7 group advertises new EDR bypass tool on hacking forums
Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 8 days ago | FIN7 group advertises new EDR bypass tool on hacking forums
DARKReading | 10 days ago | Security End-Run: 'AuKill' Shuts Down Windows-Reliant EDR Processes
Securityaffairs | 12 days ago | Security Affairs Malware Newsletter - Round 2
Securityaffairs | 20 days ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | a month ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 4 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs | 4 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs | 4 months ago | Security Affairs newsletter Round 464 by Pierluigi Paganini
Securityaffairs | 4 months ago | Security Affairs newsletter Round 463 by Pierluigi Paganini
Securityaffairs | 5 months ago | Security Affairs newsletter Round 462 by Pierluigi Paganini
CERT-EU | 10 months ago | Banking Cybersecurity: The Risks Faced by Financial Institutions