TT Malware Log

A personal log of research, study and references on malware / cyber attacks / analysis techniques

Ransomware: AvosLocker (summary)

[Key points]

◎Ransomware, and the criminal group operating it, active since around July 2021


[Table of contents]

Overview

[Figures]


AvosLocker ransomware activity (BleepingComputer / ID-Ransomware)
Source: https://www.bleepingcomputer.com/news/security/fbi-avoslocker-ransomware-targets-us-critical-infrastructure/

[Overview]

Item Content
Extension .avos
Ransom note GET_YOUR_FILES_BACK.txt
Leak site hxxp://avos2fuj6olp6x36.onion
hxxp://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5kla.onion
Malware MD5 d285f1366d0d4fdae0b558db690497ea
fe977e2028bbb774952df319042e3cab
b76d1d3d2d40366569da67620cf78a87


[Latest news]

◆Disabling Avast security software: the “surprising technique” revealed by researchers (TechTarget, 2022/06/02 08:15)
https://techtarget.itmedia.co.jp/tt/news/2206/02/news09.html
https://malware-log.hatenablog.com/entry/2022/06/02/000000_5

◆Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware (BleepingComputer, 2022/06/11 10:31)
https://www.bleepingcomputer.com/news/security/confluence-servers-hacked-to-deploy-avoslocker-cerber2021-ransomware/
https://malware-log.hatenablog.com/entry/2022/06/11/000000

◆After Conti Ransomware Brand Retires, Spinoffs Carry On (BankInfoSecurity, 2022/06/24)
https://www.bankinfosecurity.com/after-conti-ransomware-brand-retires-spinoffs-carry-on-a-19447
https://malware-log.hatenablog.com/entry/2022/06/24/000000_11

◆How Conti ransomware hacked and encrypted the Costa Rican government (BleepingComputer, 2022/07/21 10:20)
https://www.bleepingcomputer.com/news/security/how-conti-ransomware-hacked-and-encrypted-the-costa-rican-government/
https://malware-log.hatenablog.com/entry/2022/07/21/000000_3

Articles

[News]

■2021

◆AvosLocker ransomware gang to auction the data of victims who don’t pay (The Record, 2021/10/04)
https://therecord.media/avoslocker-ransomware-gang-to-auction-the-data-of-victims-who-dont-pay/
https://malware-log.hatenablog.com/entry/2021/10/04/000000_10

◆Pacific City Bank discloses ransomware attack claimed by AvosLocker (BleepingComputer, 2021/10/11 05:18)
https://www.bleepingcomputer.com/news/security/pacific-city-bank-discloses-ransomware-attack-claimed-by-avoslocker/
https://malware-log.hatenablog.com/entry/2021/10/11/000000_7

◆Gigabyte Allegedly Hit by AvosLocker Ransomware (Threatpost, 2021/10/21 13:33)
https://threatpost.com/gigabyte-avoslocker-ransomware-gang/175642/
https://malware-log.hatenablog.com/entry/2021/10/21/000000_2

◆Halloween Horror-Show for Candy-Maker Hit by Ransomware (Info Security, 2021/10/22)
https://www.infosecurity-magazine.com/news/halloween-horrorshow-candymaker/
https://malware-log.hatenablog.com/entry/2021/10/22/000000_13


■2022

◆Confidential data exposed even after agreeing on a ransom price: the reality of ransom negotiations in ransomware attacks (ITmedia, 2022/02/03 09:00)
https://www.itmedia.co.jp/enterprise/articles/2202/02/news066.html
https://malware-log.hatenablog.com/entry/2022/02/03/000000_1

◆FBI: Avoslocker ransomware targets US critical infrastructure (BleepingComputer, 2022/03/19)
https://www.bleepingcomputer.com/news/security/fbi-avoslocker-ransomware-targets-us-critical-infrastructure/
https://malware-log.hatenablog.com/entry/2022/03/19/000000_2

◆AvosLocker ransomware attacking US critical infrastructure (SC Media, 2022/03/23)
https://www.scmagazine.com/brief/ransomware/avoslocker-ransomware-attacking-us-critical-infrastructure
https://malware-log.hatenablog.com/entry/2022/03/23/000000_10

◆Disabling Avast security software: the “surprising technique” revealed by researchers (TechTarget, 2022/06/02 08:15)
https://techtarget.itmedia.co.jp/tt/news/2206/02/news09.html
https://malware-log.hatenablog.com/entry/2022/06/02/000000_5

◆Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware (BleepingComputer, 2022/06/11 10:31)
https://www.bleepingcomputer.com/news/security/confluence-servers-hacked-to-deploy-avoslocker-cerber2021-ransomware/
https://malware-log.hatenablog.com/entry/2022/06/11/000000

◆After Conti Ransomware Brand Retires, Spinoffs Carry On (BankInfoSecurity, 2022/06/24)
https://www.bankinfosecurity.com/after-conti-ransomware-brand-retires-spinoffs-carry-on-a-19447
https://malware-log.hatenablog.com/entry/2022/06/24/000000_11

◆How Conti ransomware hacked and encrypted the Costa Rican government (BleepingComputer, 2022/07/21 10:20)
https://www.bleepingcomputer.com/news/security/how-conti-ransomware-hacked-and-encrypted-the-costa-rican-government/
https://malware-log.hatenablog.com/entry/2022/07/21/000000_3

[Blogs]

■2021

◆AvosLocker Ransomware (id-ransomware.blogspot.com, 2021/07/04)
https://id-ransomware.blogspot.com/2021/07/avoslocker-ransomware.html
https://malware-log.hatenablog.com/entry/2021/07/04/000000_6

◆AvosLocker enters the ransomware scene, asks for partners (MalwareBytes, 2021/07/23)
https://blog.malwarebytes.com/threat-intelligence/2021/07/avoslocker-enters-the-ransomware-scene-asks-for-partners/
https://malware-log.hatenablog.com/entry/2021/07/23/000000_9

◆Emerging ransomware attack groups to watch: AvosLocker, Hive, HelloKitty, LockBit 2.0 (UNIT42 (Palo Alto), 2021/08/24 03:00)
https://unit42.paloaltonetworks.jp/emerging-ransomware-groups/
https://malware-log.hatenablog.com/entry/2021/08/24/000000_7

◆7 Emerging Ransomware Groups Practicing Double Extortion (BankInfo Security, 2021/08/26)
https://www.bankinfosecurity.com/7-emerging-ransomware-groups-practicing-double-extortion-a-17384
https://malware-log.hatenablog.com/entry/2021/08/26/000000_10

◆Gigabyte victim to ransomware again (Security Magazine, 2021/10/22)
https://www.securitymagazine.com/articles/96364-gigabyte-victim-to-ransomware-again
https://malware-log.hatenablog.com/entry/2021/10/22/000000_12


■2022

◆AvosLocker uses a combination of Windows Safe Mode and AnyDesk to launch attacks (Back End News, 2022/01/06)
https://backendnews.net/avoslocker-uses-a-combination-of-windows-safe-mode-and-anydesk-to-launch-attacks/
https://malware-log.hatenablog.com/entry/2022/01/06/000000_4

◆AvosLocker also targets ESXi (Terilogy, 2022/01/12)
https://www.twx-threatintel.com/hobokomo-securitynews/20220112/tips-228/
https://malware-log.hatenablog.com/entry/2022/01/12/000000_8

[IoC information]
URL Notes
avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion

◆Ransomware leak sites (summary)
https://ioc.hatenablog.com/entry/Leak_Site

Related information

[Related summary articles]

Overall summary
 ◆Malware (summary)

◆Ransomware (summary)
https://malware-log.hatenablog.com/entry/Ransomware


[Ransom note]

Attention!
Your files have been encrypted using AES-256.
We highly suggest not shutting down your computer in case encryption process is not finished, as your files may get corrupted.
In order to decrypt your files, you must pay for the decryption key & application.
You may do so by visiting us at http://avos2fuj6olp6x36.onion.
This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/
Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website.
Hurry up, as the price may increase in the following days.

Message from agent: n

Your ID: 35b1fc0df112fe4e3a4386e930eee24e8048a0756fa70153f67b2ce82bb60235