【Key points】
◎ Ransomware, and the criminal group that uses it, which began operating around July 2021
【Contents】
Overview
【Dictionary】
◆AvosLocker (Malpedia)
https://malpedia.caad.fkie.fraunhofer.de/details/win.avos_locker
【Figures】
AvosLocker ransomware activity (BleepingComputer / ID-Ransomware)
Source: https://www.bleepingcomputer.com/news/security/fbi-avoslocker-ransomware-targets-us-critical-infrastructure/
【Overview】
| Item | Content |
|---|---|
| Extension | .avos |
| Ransom note | GET_YOUR_FILES_BACK.txt |
| Leak sites | hxxp://avos2fuj6olp6x36。onion (Tor v2), hxxp://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad。onion (Tor v3, 56 characters; the IoC table below gives the same address) |
| Malware MD5 | d285f1366d0d4fdae0b558db690497ea, fe977e2028bbb774952df319042e3cab, b76d1d3d2d40366569da67620cf78a87 |
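As an added example (not code from the original page, nor from any vendor or report linked on it), the following Python script turns the indicators in the overview table into an offline triage check: it walks a directory tree, flags files carrying the .avos extension, finds GET_YOUR_FILES_BACK.txt notes and pulls the .onion contact address and per-victim ID out of them, and compares every file's MD5 against the listed sample hashes. The directory it scans is constructed inside demo(); the tools/updater.exe decoy and its hash are assumptions added only so the hash-match path can be exercised without real malware.

```python
"""
Added example, not code from the original page: an offline triage
script for the AvosLocker indicators listed in the overview/IoC tables
(.avos extension, GET_YOUR_FILES_BACK.txt note, sample MD5 hashes,
.onion contact addresses). demo() builds a constructed victim tree in
a temporary directory; the "updater.exe" decoy and its hash are
assumptions, not a real sample.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Indicators taken from the page's tables.
AVOS_EXTENSION = ".avos"
RANSOM_NOTE_NAME = "GET_YOUR_FILES_BACK.txt"
SAMPLE_MD5S = frozenset({
    "d285f1366d0d4fdae0b558db690497ea",
    "fe977e2028bbb774952df319042e3cab",
    "b76d1d3d2d40366569da67620cf78a87",
})
# Tor v2 (16-char) and v3 (56-char) hostnames; both forms appear on the page.
ONION_RE = re.compile(r"\b(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion\b")
VICTIM_ID_RE = re.compile(r"Your ID:\s*([0-9a-f]{64})")


def md5_of(path: Path) -> str:
    """Stream the file so large encrypted files are not read into memory at once."""
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_ransom_note(text: str) -> dict:
    """Extract the contact onion addresses and the victim ID from a note body."""
    match = VICTIM_ID_RE.search(text)
    return {
        "onions": sorted(set(ONION_RE.findall(text))),
        "victim_id": match.group(1) if match else None,
    }


def scan_tree(root: Path, known_md5s=SAMPLE_MD5S, extension=AVOS_EXTENSION) -> dict:
    """Walk root and collect every file that matches one of the indicators."""
    findings = {"encrypted_files": [], "ransom_notes": [], "hash_matches": [], "notes": []}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() == extension:
            findings["encrypted_files"].append(rel)
        if path.name == RANSOM_NOTE_NAME:
            findings["ransom_notes"].append(rel)
            findings["notes"].append(parse_ransom_note(path.read_text(errors="replace")))
        if md5_of(path) in known_md5s:
            findings["hash_matches"].append(rel)
    return findings


def demo() -> dict:
    """Build a constructed victim tree and scan it; every file here is made up."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "tools").mkdir()
        (root / "docs" / "budget.xlsx.avos").write_bytes(b"\x00" * 64)
        (root / "docs" / "notes.txt.avos").write_bytes(b"\xff" * 32)
        (root / "docs" / "readme.txt").write_text("untouched file\n")
        # Note body copied from the ransom note section of the page.
        (root / "docs" / RANSOM_NOTE_NAME).write_text(
            "Attention!\n"
            "Your files have been encrypted using AES-256.\n"
            "You may do so by visiting us at http://avos2fuj6olp6x36.onion.\n"
            "Your ID: 35b1fc0df112fe4e3a4386e930eee24e8048a0756fa70153f67b2ce82bb60235\n"
        )
        # Assumed decoy standing in for a dropped binary; its hash is added to
        # the known set only so the hash-matching path of the scanner runs.
        decoy = root / "tools" / "updater.exe"
        decoy.write_bytes(b"MZ not a real sample")
        return scan_tree(root, known_md5s=SAMPLE_MD5S | {md5_of(decoy)})


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

Run it as-is to print the findings as JSON, or call scan_tree() on a mounted disk image. The extension is a parameter because the ESXi build mentioned in the Terilogy entry below is not described on this page; the note filename and the MD5 list are the page's own values. Hash matching only catches those three exact samples, so the note file and the extension are the more durable hunting signals.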
【Latest】
◆FBI shares AvosLocker ransomware technical details, defense tips (BleepingComputer, 2023/10/12 19:38)
https://www.bleepingcomputer.com/news/security/fbi-shares-avoslocker-ransomware-technical-details-defense-tips/
⇒ https://malware-log.hatenablog.com/entry/2023/10/12/000000_3
Articles
【News】
■2021
◆AvosLocker ransomware gang to auction the data of victims who don’t pay (The Record, 2021/10/04)
https://therecord.media/avoslocker-ransomware-gang-to-auction-the-data-of-victims-who-dont-pay/
⇒ https://malware-log.hatenablog.com/entry/2021/10/04/000000_10
◆Pacific City Bank discloses ransomware attack claimed by AvosLocker (BleepingComputer, 2021/10/11 05:18)
https://www.bleepingcomputer.com/news/security/pacific-city-bank-discloses-ransomware-attack-claimed-by-avoslocker/
⇒ https://malware-log.hatenablog.com/entry/2021/10/11/000000_7
◆Gigabyte Allegedly Hit by AvosLocker Ransomware (Threatpost, 2021/10/21 13:33)
https://threatpost.com/gigabyte-avoslocker-ransomware-gang/175642/
⇒ https://malware-log.hatenablog.com/entry/2021/10/21/000000_2
◆Halloween Horror-Show for Candy-Maker Hit by Ransomware (Info Security, 2021/10/22)
https://www.infosecurity-magazine.com/news/halloween-horrorshow-candymaker/
⇒ https://malware-log.hatenablog.com/entry/2021/10/22/000000_13
■2022
◆Confidential data leaked even after agreeing on a ransom price: the reality of ransom negotiations in ransomware attacks (ITmedia, 2022/02/03 09:00)
https://www.itmedia.co.jp/enterprise/articles/2202/02/news066.html
⇒ https://malware-log.hatenablog.com/entry/2022/02/03/000000_1
◆FBI: Avoslocker ransomware targets US critical infrastructure (BleepingComputer, 2022/03/19)
https://www.bleepingcomputer.com/news/security/fbi-avoslocker-ransomware-targets-us-critical-infrastructure/
⇒ https://malware-log.hatenablog.com/entry/2022/03/19/000000_2
◆AvosLocker ransomware attacking US critical infrastructure (SC Media, 2022/03/23)
https://www.scmagazine.com/brief/ransomware/avoslocker-ransomware-attacking-us-critical-infrastructure
⇒ https://malware-log.hatenablog.com/entry/2022/03/23/000000_10
◆Disabling Avast security software: the "surprising technique" revealed by researchers (TechTarget, 2022/06/02 08:15)
https://techtarget.itmedia.co.jp/tt/news/2206/02/news09.html
⇒ https://malware-log.hatenablog.com/entry/2022/06/02/000000_5
◆Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware (BleepingComputer, 2022/06/11 10:31)
https://www.bleepingcomputer.com/news/security/confluence-servers-hacked-to-deploy-avoslocker-cerber2021-ransomware/
⇒ https://malware-log.hatenablog.com/entry/2022/06/11/000000
◆After Conti Ransomware Brand Retires, Spinoffs Carry On (BankInfoSecurity, 2022/06/24)
https://www.bankinfosecurity.com/after-conti-ransomware-brand-retires-spinoffs-carry-on-a-19447
⇒ https://malware-log.hatenablog.com/entry/2022/06/24/000000_11
◆How Conti ransomware hacked and encrypted the Costa Rican government (BleepingComputer, 2022/07/21 10:20)
https://www.bleepingcomputer.com/news/security/how-conti-ransomware-hacked-and-encrypted-the-costa-rican-government/
⇒ https://malware-log.hatenablog.com/entry/2022/07/21/000000_3
◆Google says former Conti ransomware members now attack Ukraine (BleepingComputer, 2022/09/07 07:00)
https://www.bleepingcomputer.com/news/security/google-says-former-conti-ransomware-members-now-attack-ukraine/
⇒ https://malware-log.hatenablog.com/entry/2022/09/07/000000_8
■2023
◆FBI shares AvosLocker ransomware technical details, defense tips (BleepingComputer, 2023/10/12 19:38)
https://www.bleepingcomputer.com/news/security/fbi-shares-avoslocker-ransomware-technical-details-defense-tips/
⇒ https://malware-log.hatenablog.com/entry/2023/10/12/000000_3
【Blog】
■2021
◆AvosLocker Ransomware (id-ransomware.blogspot.com, 2021/07/04)
https://id-ransomware.blogspot.com/2021/07/avoslocker-ransomware.html
⇒ https://malware-log.hatenablog.com/entry/2021/07/04/000000_6
◆AvosLocker enters the ransomware scene, asks for partners (Malwarebytes, 2021/07/23)
https://blog.malwarebytes.com/threat-intelligence/2021/07/avoslocker-enters-the-ransomware-scene-asks-for-partners/
⇒ https://malware-log.hatenablog.com/entry/2021/07/23/000000_9
◆Emerging ransomware groups to watch: AvosLocker, Hive, HelloKitty, LockBit 2.0 (Unit 42 (Palo Alto Networks), 2021/08/24 03:00)
https://unit42.paloaltonetworks.jp/emerging-ransomware-groups/
⇒ https://malware-log.hatenablog.com/entry/2021/08/24/000000_7
◆7 Emerging Ransomware Groups Practicing Double Extortion (BankInfoSecurity, 2021/08/26)
https://www.bankinfosecurity.com/7-emerging-ransomware-groups-practicing-double-extortion-a-17384
⇒ https://malware-log.hatenablog.com/entry/2021/08/26/000000_10
◆Gigabyte victim to ransomware again (Security Magazine, 2021/10/22)
https://www.securitymagazine.com/articles/96364-gigabyte-victim-to-ransomware-again
⇒ https://malware-log.hatenablog.com/entry/2021/10/22/000000_12
■2022
◆AvosLocker uses a combination of Windows Safe Mode and AnyDesk to launch attacks (Back End News, 2022/01/06)
https://backendnews.net/avoslocker-uses-a-combination-of-windows-safe-mode-and-anydesk-to-launch-attacks/
⇒ https://malware-log.hatenablog.com/entry/2022/01/06/000000_4
◆AvosLocker on ESXi as well (Terilogy, 2022/01/12)
https://www.twx-threatintel.com/hobokomo-securitynews/20220112/tips-228/
⇒ https://malware-log.hatenablog.com/entry/2022/01/12/000000_8
【Forum】
◆AvosLocker Ransomware (.avos) Support Topic (BleepingComputer)
https://www.bleepingcomputer.com/forums/t/754311/avoslocker-ransomware-avos-support-topic/
⇒ https://malware-log.hatenablog.com/entry/BC_Forum_AvosLocker
【IoC】
| URL | Notes |
|---|---|
| avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion | Leak site (Tor v3) |
◆Ransomware leak sites (summary)
https://ioc.hatenablog.com/entry/Leak_Site
【Search】
google: AvosLocker
google:news: AvosLocker
google: site:virustotal.com AvosLocker
google: site:github.com AvosLocker
■Bing
https://www.bing.com/search?q=AvosLocker
https://www.bing.com/news/search?q=AvosLocker
https://twitter.com/search?q=%23AvosLocker
https://twitter.com/hashtag/AvosLocker
Related information
【Related summary articles】
◆Ransomware (summary)
https://malware-log.hatenablog.com/entry/Ransomware
【RansomNote】
Attention!
Your files have been encrypted using AES-256.
We highly suggest not shutting down your computer in case encryption process is not finished, as your files may get corrupted.
In order to decrypt your files, you must pay for the decryption key & application.
You may do so by visiting us at http://avos2fuj6olp6x36.onion.
This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/
Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website.
Hurry up, as the price may increase in the following days.
Message from agent: n
Your ID: 35b1fc0df112fe4e3a4386e930eee24e8048a0756fa70153f67b2ce82bb60235