Skip to content

Hide Navigation Hide TOC

AvosLocker - S1053 (0945a1a5-a79a-47c8-9079-10c16cdfcb5d)

AvosLocker is ransomware written in C++ that has been offered via the Ransomware-as-a-Service (RaaS) model. It was first observed in June 2021 and has been used against financial services, critical manufacturing, government facilities, and other critical infrastructure sectors in the United States. As of March 2022, AvosLocker had also been used against organizations in Belgium, Canada, China, Germany, Saudi Arabia, Spain, Syria, Taiwan, Turkey, the United Arab Emirates, and the United Kingdom.(Citation: Malwarebytes AvosLocker Jul 2021)(Citation: Trend Micro AvosLocker Apr 2022)(Citation: Joint CSA AvosLocker Mar 2022)

Cluster A Galaxy A Cluster B Galaxy B Level
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern AvosLocker - S1053 (0945a1a5-a79a-47c8-9079-10c16cdfcb5d) Malware 1
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern AvosLocker - S1053 (0945a1a5-a79a-47c8-9079-10c16cdfcb5d) Malware 1
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern AvosLocker - S1053 (0945a1a5-a79a-47c8-9079-10c16cdfcb5d) Malware 1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern AvosLocker - S1053 (0945a1a5-a79a-47c8-9079-10c16cdfcb5d) Malware 1
AvosLocker - S1053 (0945a1a5-a79a-47c8-9079-10c16cdfcb5d) Malware Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 1
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern AvosLocker - S1053 (0945a1a5-a79a-47c8-9079-10c16cdfcb5d) Malware 1
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4) Attack Pattern AvosLocker - S1053 (0945a1a5-a79a-47c8-9079-10c16cdfcb5d) Malware 1
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern AvosLocker - S1053 (0945a1a5-a79a-47c8-9079-10c16cdfcb5d) Malware 1
AvosLocker - S1053 (0945a1a5-a79a-47c8-9079-10c16cdfcb5d) Malware Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471) Attack Pattern 1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern AvosLocker - S1053 (0945a1a5-a79a-47c8-9079-10c16cdfcb5d) Malware 1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern AvosLocker - S1053 (0945a1a5-a79a-47c8-9079-10c16cdfcb5d) Malware 1
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern AvosLocker - S1053 (0945a1a5-a79a-47c8-9079-10c16cdfcb5d) Malware 1
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern AvosLocker - S1053 (0945a1a5-a79a-47c8-9079-10c16cdfcb5d) Malware 1
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern AvosLocker - S1053 (0945a1a5-a79a-47c8-9079-10c16cdfcb5d) Malware 1
AvosLocker - S1053 (0945a1a5-a79a-47c8-9079-10c16cdfcb5d) Malware Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803) Attack Pattern 1
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803) Attack Pattern 2