SYMBOLCOMMON_NAMEaka. SYNONYMS
elf.avoslocker (Back to overview)

Avoslocker

There is no description at this point.

References
2022-09-28vmwareGiovanni Vigna
@online{vigna:20220928:esxitargeting:bd1ce9a, author = {Giovanni Vigna}, title = {{ESXi-Targeting Ransomware: The Threats That Are After Your Virtual Machines (Part 1)}}, date = {2022-09-28}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/09/esxi-targeting-ransomware-the-threats-that-are-after-your-virtual-machines-part-1.html}, language = {English}, urldate = {2022-10-10} } ESXi-Targeting Ransomware: The Threats That Are After Your Virtual Machines (Part 1)
Avoslocker Babuk Black Basta BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit Luna RansomEXX RedAlert Ransomware REvil
2022-04-07BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20220407:threat:d5d3259, author = {The BlackBerry Research & Intelligence Team}, title = {{Threat Thursday: AvosLocker Prompts Advisory from FBI and FinCEN}}, date = {2022-04-07}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/04/threat-thursday-avoslocker-prompts-advisory-from-fbi-and-fincen}, language = {English}, urldate = {2022-04-15} } Threat Thursday: AvosLocker Prompts Advisory from FBI and FinCEN
Avoslocker AvosLocker
2022-03-17IC3FINCEN, FBI, U.S. Department of the Treasury
@techreport{fincen:20220317:indicators:4c36c4d, author = {FINCEN and FBI and U.S. Department of the Treasury}, title = {{Indicators of Compromise Associated with AvosLocker Ransomware}}, date = {2022-03-17}, institution = {IC3}, url = {https://www.ic3.gov/Media/News/2022/220318.pdf}, language = {English}, urldate = {2022-03-22} } Indicators of Compromise Associated with AvosLocker Ransomware
Avoslocker AvosLocker
2022-03-06QualysGhanshyam More
@online{more:20220306:avoslocker:6a51fd8, author = {Ghanshyam More}, title = {{AvosLocker Ransomware Behavior Examined on Windows & Linux}}, date = {2022-03-06}, organization = {Qualys}, url = {https://blog.qualys.com/vulnerabilities-threat-research/2022/03/06/avoslocker-ransomware-behavior-examined-on-windows-linux}, language = {English}, urldate = {2022-03-10} } AvosLocker Ransomware Behavior Examined on Windows & Linux
Avoslocker AvosLocker
2022-03-02LexfoLexfo
@online{lexfo:20220302:avoslocker:840ae39, author = {Lexfo}, title = {{AvosLocker Ransomware Linux Version Analysis}}, date = {2022-03-02}, organization = {Lexfo}, url = {https://blog.lexfo.fr/Avoslocker.html}, language = {English}, urldate = {2022-04-20} } AvosLocker Ransomware Linux Version Analysis
Avoslocker
2022-02-25vmwareSudhir Devkar, Threat Analysis Unit
@online{devkar:20220225:avoslocker:4a19530, author = {Sudhir Devkar and Threat Analysis Unit}, title = {{AvosLocker – Modern Linux Ransomware Threats}}, date = {2022-02-25}, organization = {vmware}, url = {https://blogs.vmware.com/security/2022/02/avoslocker-modern-linux-ransomware-threats.html}, language = {English}, urldate = {2022-03-22} } AvosLocker – Modern Linux Ransomware Threats
Avoslocker
2022-01-17CybleincCyble
@online{cyble:20220117:avoslocker:e72ac8a, author = {Cyble}, title = {{AvosLocker Ransomware Linux Version Targets VMware ESXi Servers}}, date = {2022-01-17}, organization = {Cybleinc}, url = {https://blog.cyble.com/2022/01/17/avoslocker-ransomware-linux-version-targets-vmware-esxi-servers/}, language = {English}, urldate = {2022-02-01} } AvosLocker Ransomware Linux Version Targets VMware ESXi Servers
Avoslocker AvosLocker
Yara Rules
[TLP:WHITE] elf_avoslocker_w0 (20220322 | AvosLocker Ransomware)
rule elf_avoslocker_w0 {
	meta:
		description = "AvosLocker Ransomware"
		author = "VMware Threat Research"
		exemplar_hashes = "7c935dcd672c4854495f41008120288e8e1c144089f1f06a23bd0a0f52a544b1"
		source = "https://blogs.vmware.com/security/2022/02/avoslocker-modern-linux-ransomware-threats.html"
        malpedia_rule_date = "20220322"
        malpedia_hash = ""
		malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/elf.avoslocker"
		malpedia_version = "20220322"
		malpedia_license = "CC BY-NC-SA 4.0"
		malpedia_sharing = "TLP:WHITE"
	strings:
		$s1 = "avoslinux" wide ascii nocase
		$s2 = "README_FOR_RESTORE" wide ascii nocase
		$s3 = "Killing ESXi VMs" wide ascii nocase
	condition:
		uint32(0) == 0x464C457F and filesize > 1MB and filesize < 3MB and
		all of ($s*)
}
Download all Yara Rules