{"id":16763,"date":"2023-03-28T10:07:53","date_gmt":"2023-03-28T17:07:53","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=16763"},"modified":"2023-07-11T14:39:36","modified_gmt":"2023-07-11T21:39:36","slug":"all-about-avoslocker-ransomware","status":"publish","type":"post","link":"https:\/\/10.42.32.162\/articles\/all-about-avoslocker-ransomware\/","title":{"rendered":"All About AvosLocker Ransomware"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"16763\" class=\"elementor elementor-16763\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-e5f5e3f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"e5f5e3f\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-a64f476\" data-id=\"a64f476\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-56e0678 elementor-widget elementor-widget-text-editor\" data-id=\"56e0678\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Though REvil, LockBit and Conti ruled the limelight in most of 2021 and 2022, one ransomware group that slipped the prying eyes of cybersecurity experts was AvosLocker ransomware. AvosLocker took advantage of the circumstances and developed into a deadly adversary by targeting <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fbi-avoslocker-ransomware-targets-us-critical-infrastructure\/\" target=\"_blank\" rel=\"noopener\">critical infrastructure<\/a> in different sectors of the US, Canada, UK and Spain in 2021. Their clever use of conventional tactics makes it a ransomware variant still worth monitoring today. Read on to find out more about the ransomware as a service (RaaS) group.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b7225f4 elementor-widget elementor-widget-text-editor\" data-id=\"b7225f4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>AvosLocker ransomware affects a large number of users worldwide and usually targets computers of home, corporate and large organizational users running Microsoft Windows operating systems, including Windows XP, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2003, and Windows Server 2008. It has been reported to have infected over 100,000 computers since mid-2021, making it one of the most dangerous ransomware strains currently in circulation.<\/p><p>Amongst the various techniques AvosLocker has been reported to use to spread itself, the use of email attachments, malicious links, malicious files, and exploiting known vulnerabilities in software, and even linking malicious advertisements on websites,\u00a0 expands their outreach tremendously.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bd9d5e2 elementor-widget elementor-widget-spacer\" data-id=\"bd9d5e2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3e89cef elementor-widget elementor-widget-heading\" data-id=\"3e89cef\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">In This Article<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c78fbe3 elementor-widget elementor-widget-text-editor\" data-id=\"c78fbe3\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><a href=\"#AvosLocker-Vulnerabilities\">AvosLocker Vulnerabilities<\/a><\/li><li><a href=\"#Interesting-Trends\">Interesting Trends<\/a><\/li><li><a href=\"#Attack-Methodology\">Attack Methodology<\/a><\/li><li><a href=\"#AvosLocker-MITRE-Map-and-IoCs\">AvosLocker MITRE Map and IoCs<\/a><\/li><li><a href=\"#Products-Affected-by-AvosLocker-Ransomware-Vulnerabilities\">Products Affected by AvosLocker Ransomware Vulnerabilities<\/a><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a17e106 elementor-widget elementor-widget-spacer\" data-id=\"a17e106\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1ced234 elementor-widget elementor-widget-menu-anchor\" data-id=\"1ced234\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div id=\"AvosLocker-Vulnerabilities\" class=\"elementor-menu-anchor\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8d3fbfe elementor-widget elementor-widget-heading\" data-id=\"8d3fbfe\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">AvosLocker Vulnerabilities<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d2f6bef elementor-widget elementor-widget-spacer\" data-id=\"d2f6bef\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a723a78 elementor-widget elementor-widget-text-editor\" data-id=\"a723a78\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><b>Securin experts identified a set of 12 vulnerabilities associated with AvosLocker. Let us take a closer look at the vulnerabilities.<\/b><\/p><p>\u00a0<\/p><ol><li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-19320\" target=\"_blank\" rel=\"noopener\">CVE-2018-19320<\/a> &#8211; The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 &#8211; 3 Ransomware \/ 0 APT &#8211; CISA KEV, Trending<\/li><\/ol>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-47b8fe1 elementor-widget elementor-widget-text-editor\" data-id=\"47b8fe1\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><strong>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0CVSS v2 &#8211; 7.20 | CVSS v3- 7.80 | Securin VRS &#8211; 8.66<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-976186c elementor-widget elementor-widget-image\" data-id=\"976186c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"871\" height=\"328\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_01.png\" class=\"attachment-full size-full wp-image-16791\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_01.png 871w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_01-300x113.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_01-768x289.png 768w\" sizes=\"(max-width: 871px) 100vw, 871px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d282f6f elementor-widget elementor-widget-spacer\" data-id=\"d282f6f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9332a9e elementor-widget elementor-widget-text-editor\" data-id=\"9332a9e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>2. <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-44228\" target=\"_blank\" rel=\"noopener\">CVE-2021-44228<\/a> &#8211; Log4Shell vulnerability &#8211; 7 Ransomware \/ 10 APT &#8211; CISA KEV, Trending<\/p><p><strong>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 CVSS v2 &#8211; 9.30 | CVSS v3 &#8211; 10.00 | Securin VRS &#8211; 9.98<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-27cd39d elementor-widget elementor-widget-image\" data-id=\"27cd39d\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1003\" height=\"305\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_02.png\" class=\"attachment-full size-full wp-image-16792\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_02.png 1003w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_02-300x91.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_02-768x234.png 768w\" sizes=\"(max-width: 1003px) 100vw, 1003px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4d23fe5 elementor-widget elementor-widget-spacer\" data-id=\"4d23fe5\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f81af7a elementor-widget elementor-widget-text-editor\" data-id=\"f81af7a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>3. <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2021-45105\" target=\"_blank\" rel=\"noopener\">CVE-2021-45105<\/a>: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 &#8211; 1 APT \/ 1 Ransomware &#8211; Trending<\/p><p><strong>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0CVSS v2 &#8211; 4.30 | CVSS v3 &#8211; 5.90 | Securin VRS &#8211; 7.84<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5b817fa elementor-widget elementor-widget-image\" data-id=\"5b817fa\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"987\" height=\"303\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_03.png\" class=\"attachment-full size-full wp-image-16793\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_03.png 987w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_03-300x92.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_03-768x236.png 768w\" sizes=\"(max-width: 987px) 100vw, 987px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-84d7e67 elementor-widget elementor-widget-spacer\" data-id=\"84d7e67\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fe1626a elementor-widget elementor-widget-text-editor\" data-id=\"fe1626a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>4. <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-45046\" target=\"_blank\" rel=\"noopener\">CVE-2021-45046<\/a> &#8211; It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. &#8211; 1 Ransomware \/ 3 APT &#8211; Trending<\/p><p><strong>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 CVSS v2 -5.10 | CVSS v3 &#8211; 9.00 | Securin VRS &#8211; 8.1<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6d3d9a1 elementor-widget elementor-widget-image\" data-id=\"6d3d9a1\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"978\" height=\"308\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_04.png\" class=\"attachment-full size-full wp-image-16795\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_04.png 978w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_04-300x94.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_04-768x242.png 768w\" sizes=\"(max-width: 978px) 100vw, 978px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-45dd7e0 elementor-widget elementor-widget-spacer\" data-id=\"45dd7e0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b87db84 elementor-widget elementor-widget-text-editor\" data-id=\"b87db84\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>5. <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-44832\" target=\"_blank\" rel=\"noopener\">CVE-2021-44832<\/a> &#8211; Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4). 1 Ransomware \/ 2 APT &#8211; Trending<\/p><p><strong>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 CVSS v2 &#8211; 8.50 | CVSS v3 &#8211; 6.60 | Securin VRS &#8211; 7.44<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1db2d56 elementor-widget elementor-widget-image\" data-id=\"1db2d56\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"986\" height=\"308\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_05.png\" class=\"attachment-full size-full wp-image-16796\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_05.png 986w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_05-300x94.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_05-768x240.png 768w\" sizes=\"(max-width: 986px) 100vw, 986px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-efd2e09 elementor-widget elementor-widget-spacer\" data-id=\"efd2e09\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8e03a34 elementor-widget elementor-widget-text-editor\" data-id=\"8e03a34\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>6. <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-26855\" target=\"_blank\" rel=\"noopener\">CVE-2021-26855<\/a> &#8211; Microsoft Exchange Server Remote Code Execution Vulnerability &#8211; 7 Ransomware \/ 15 APT &#8211; CISA KEV, Trending<\/p><p><strong>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0CVSS v2 &#8211; 7.50 | CVSS v3 &#8211; 9.80 | Securin VRS &#8211; 9.96<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-03a8c54 elementor-widget elementor-widget-image\" data-id=\"03a8c54\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"974\" height=\"283\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_06.png\" class=\"attachment-full size-full wp-image-16803\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_06.png 974w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_06-300x87.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_06-768x223.png 768w\" sizes=\"(max-width: 974px) 100vw, 974px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-868f3ed elementor-widget elementor-widget-spacer\" data-id=\"868f3ed\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2c85bfd elementor-widget elementor-widget-text-editor\" data-id=\"2c85bfd\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>7. <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2021-31207\" target=\"_blank\" rel=\"noopener\">CVE-2021-31207<\/a> &#8211; Microsoft Exchange Server Security Feature Bypass Vulnerability &#8211; 13 Ransomware \/ 7 APT &#8211; CISA KEV, Trending<\/p><p><strong>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0CVSS v2 &#8211; 6.50 | CVSS v3 &#8211; 7.20 | Securin VRS &#8211; 9.06<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0c03dd6 elementor-widget elementor-widget-image\" data-id=\"0c03dd6\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"999\" height=\"298\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_07.png\" class=\"attachment-full size-full wp-image-16804\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_07.png 999w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_07-300x89.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_07-768x229.png 768w\" sizes=\"(max-width: 999px) 100vw, 999px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e06bb61 elementor-widget elementor-widget-spacer\" data-id=\"e06bb61\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7307a62 elementor-widget elementor-widget-text-editor\" data-id=\"7307a62\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>8. <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-34473\" target=\"_blank\" rel=\"noopener\">CVE-2021-34473<\/a> &#8211; Microsoft Exchange Server Remote Code Execution Vulnerability &#8211; 12 Ransomware \/ 8 APT &#8211; CISA KEV, Trending<\/p><p><strong>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0CVSS v2 &#8211; 10 | CVSS v3 &#8211; 9.8 | Securin VRS &#8211; 9.96<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6c88c49 elementor-widget elementor-widget-image\" data-id=\"6c88c49\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1003\" height=\"309\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_08.png\" class=\"attachment-full size-full wp-image-16805\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_08.png 1003w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_08-300x92.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_08-768x237.png 768w\" sizes=\"(max-width: 1003px) 100vw, 1003px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d891aa6 elementor-widget elementor-widget-spacer\" data-id=\"d891aa6\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-19b2383 elementor-widget elementor-widget-text-editor\" data-id=\"19b2383\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>9. <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-34523\" target=\"_blank\" rel=\"noopener\">CVE-2021-34523<\/a> &#8211; Microsoft Exchange Server Privilege Escalation Vulnerability &#8211; 12 Ransomware \/ 8 APT &#8211; CISA KEV, Trending<\/p><p><strong>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 CVSS v2 &#8211; 7.50 |\u00a0 CVSS v3 &#8211; 9.80 |\u00a0 Securin VRS &#8211; 9.96<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0409b80 elementor-widget elementor-widget-image\" data-id=\"0409b80\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"992\" height=\"308\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_09.png\" class=\"attachment-full size-full wp-image-16806\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_09.png 992w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_09-300x93.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_09-768x238.png 768w\" sizes=\"(max-width: 992px) 100vw, 992px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ccd3b3a elementor-widget elementor-widget-spacer\" data-id=\"ccd3b3a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dabc0b4 elementor-widget elementor-widget-text-editor\" data-id=\"dabc0b4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>10. <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2021-40539\" target=\"_blank\" rel=\"noopener\">CVE-2021-40539<\/a> &#8211; Zoho ManageEngine ADSelfService Plus &#8211; 1 Ransomware \/ 2 APT &#8211; CISA KEV, Trendig<\/p><p><strong>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 CVSS v2 &#8211; 7.5 | CVSS v3 &#8211; 9.8 | Securin VRS &#8211; 9.96<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1756975 elementor-widget elementor-widget-image\" data-id=\"1756975\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"975\" height=\"302\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_10.png\" class=\"attachment-full size-full wp-image-16807\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_10.png 975w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_10-300x93.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_10-768x238.png 768w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bc1c570 elementor-widget elementor-widget-spacer\" data-id=\"bc1c570\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d3d7fac elementor-widget elementor-widget-text-editor\" data-id=\"d3d7fac\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>11. <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-31206\" target=\"_blank\" rel=\"noopener\">CVE-2021-31206<\/a> &#8211; Microsoft Exchange Server Remote Code Execution Vulnerability &#8211; 1 Ransomware \/ 0 APT &#8211; Trending<\/p><p><strong>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 CVSS v2 &#8211; 7.90 | CVSS v3 &#8211; 8.00 | Securin VRS &#8211; 8.36<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5dc7497 elementor-widget elementor-widget-image\" data-id=\"5dc7497\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"960\" height=\"309\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_11.png\" class=\"attachment-full size-full wp-image-16808\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_11.png 960w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_11-300x97.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_11-768x247.png 768w\" sizes=\"(max-width: 960px) 100vw, 960px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-12d423f elementor-widget elementor-widget-spacer\" data-id=\"12d423f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c752b67 elementor-widget elementor-widget-text-editor\" data-id=\"c752b67\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>12. <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2022-26134\" target=\"_blank\" rel=\"noopener\">CVE-2021-26134<\/a> &#8211; Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. &#8211; 2 Ransomware \/ 5 APT &#8211; CISA KEV, Trending<\/p><p><strong>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 CVSS v2 &#8211; 7.50 | CVSS v3 &#8211; 9.80 | Securin VRS &#8211; 9.96<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3ffa704 elementor-widget elementor-widget-image\" data-id=\"3ffa704\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"966\" height=\"305\" src=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_12.png\" class=\"attachment-1536x1536 size-1536x1536 wp-image-16809\" alt=\"\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_12.png 966w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_12-300x95.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/avoslocker_12-768x242.png 768w\" sizes=\"(max-width: 966px) 100vw, 966px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-496bdf1 elementor-widget elementor-widget-spacer\" data-id=\"496bdf1\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d3e1b53 elementor-widget elementor-widget-menu-anchor\" data-id=\"d3e1b53\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div id=\"Interesting-Trends\" class=\"elementor-menu-anchor\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cb15547 elementor-widget elementor-widget-heading\" data-id=\"cb15547\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Interesting Trends<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b0b0a71 elementor-widget elementor-widget-spacer\" data-id=\"b0b0a71\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-677be41 elementor-widget elementor-widget-text-editor\" data-id=\"677be41\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li style=\"font-weight: 400;\" aria-level=\"1\"><strong>Using AnyDesk:<\/strong> <span style=\"font-weight: 400;\">A notable characteristic of AvosLocker campaigns is the use of AnyDesk, a remote desktop administration tool, to connect to victim machines. Operators can manually operate and infect machines using this tool.<br \/><br \/><\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><strong>Runs on Safe Mode:<\/strong><span style=\"font-weight: 400;\"> A key element of AvosLocker is being able to run itself on safe mode as part of its evasion tactics. This technique was previously employed by the now defunct REvil ransomware group. The attacker is able to restart the victim\u2019s machines, disable specific drivers and run on safe mode, since most security measures cannot run on this mode. Often, the operators set up drivers to ensure AnyDesk can be run on safe mode as well.\u00a0<br \/><br \/><\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><strong>Auctioning Stolen Data:<\/strong><span style=\"font-weight: 400;\"> AvosLocker operators use another tactic borrowed from the REvil playbook in order to monetize a single successful attack or salvage a failed one\u2013auctioning stolen data on its website on top of its double extortion scheme. Launching multiple versions of the same ransomware: AvosLocker operators released several versions of their ransomware, with the latest one being a Linux variant, launched in October 2021, that is capable of attacking ESXi virtual machines (VMs).<br \/><\/span><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bd8a47c elementor-widget elementor-widget-spacer\" data-id=\"bd8a47c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eff5a7c elementor-widget elementor-widget-menu-anchor\" data-id=\"eff5a7c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div id=\"Attack-Methodology\" class=\"elementor-menu-anchor\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b9299ea elementor-widget elementor-widget-heading\" data-id=\"b9299ea\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Attack Methodology<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f6c5b17 elementor-widget elementor-widget-spacer\" data-id=\"f6c5b17\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1daa2b8 elementor-widget elementor-widget-text-editor\" data-id=\"1daa2b8\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The victim opens a malicious email that contains an infected file.\u00a0<br \/><br \/><\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">When the user opens the attachment, a malicious script is run on the computer. This script downloads and executes the ransomware onto the computer. Once the ransomware is installed, it will begin to encrypt the user&#8217;s files and folders.<br \/><br \/><\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">AvosLocker ransomware uses polymorphic techniques to change its code to evade detection by antivirus software that may be installed on the victim\u2019s computer. It also uses anti-debugging techniques to make it harder for researchers to analyze its code. Often, the ransomware group uses legitimate anti-debugging services to hide its malicious activities.<br \/><br \/><\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Once the files are encrypted, a ransom note is displayed on the user&#8217;s computer, which demands a ransom payment in order to decrypt the files. The ransom note typically provides instructions on how to pay the ransom and may include links to a payment website. The ransom note may also contain threats to delete the user&#8217;s files if the ransom is not paid.<br \/><br \/><\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In addition to encrypting files, the AvosLocker ransomware also attempts to delete system restore points, shadow copies, and any backups that the user may have. This prevents the user from recovering their files without paying the ransom.<\/span><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2fdb2b3 elementor-widget elementor-widget-spacer\" data-id=\"2fdb2b3\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ff1a5b5 elementor-widget elementor-widget-menu-anchor\" data-id=\"ff1a5b5\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div id=\"AvosLocker-MITRE-Map-and-IoCs\" class=\"elementor-menu-anchor\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-59abd48 elementor-widget elementor-widget-heading\" data-id=\"59abd48\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">AvosLocker MITRE Map and IoCs<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2b2b17f elementor-widget elementor-widget-spacer\" data-id=\"2b2b17f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b225867 elementor-widget elementor-widget-text-editor\" data-id=\"b225867\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h3><strong>MITRE MAP:<\/strong><\/h3>\n<table>\n<tbody>\n<tr>\n<td><strong><span style=\"color: #000000;\">Initial Access<\/span><\/strong><\/td>\n<td>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1190<\/span><span style=\"font-weight: 400;\"> Exploit public-facing application<\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1078 <\/span><span style=\"font-weight: 400;\">Valid accounts<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #000000;\">Execution<\/span><\/strong><\/td>\n<td>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1059<\/span> <span style=\"font-weight: 400;\">Command and scripting interpreter<\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1072 <\/span><span style=\"font-weight: 400;\">Software deployment tools<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #000000;\">Persistence<\/span><\/strong><\/td>\n<td>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1136 <\/span><span style=\"font-weight: 400;\">\u00a0Create account<\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1547 <\/span><span style=\"font-weight: 400;\">Boot or logon autostart execution<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #000000;\">Defense Evasion<\/span><\/strong><\/td>\n<td>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1112<\/span><span style=\"font-weight: 400;\"> Modify registry<\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1562 <\/span><span style=\"font-weight: 400;\">Impair defenses<\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1140<\/span><span style=\"font-weight: 400;\"> Deobfuscate\/Decode files or information<\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1070<\/span><span style=\"font-weight: 400;\"> Indicator removal on host<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #000000;\">Credential Access<\/span><\/strong><\/td>\n<td>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1003 <\/span><span style=\"font-weight: 400;\">OS credential dumping<\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1552<\/span><span style=\"font-weight: 400;\"> Unsecured credentials<\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1555 <\/span><span style=\"font-weight: 400;\">Credentials from password stores<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #000000;\">Discovery<\/span><\/strong><\/td>\n<td>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1083 <\/span><span style=\"font-weight: 400;\">File and directory discovery<\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1135 <\/span><span style=\"font-weight: 400;\">Network share discovery<\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1057 <\/span><span style=\"font-weight: 400;\">Process discovery<\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1018 <\/span><span style=\"font-weight: 400;\">Remote system discovery<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #000000;\">Lateral Movement<\/span><\/strong><\/td>\n<td>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1021 <\/span><span style=\"font-weight: 400;\">Remote services<\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1072 <\/span><span style=\"font-weight: 400;\">Software deployment tools<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #000000;\">Command and Control<\/span><\/strong><\/td>\n<td style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1219 <\/span><span style=\"font-weight: 400;\">Remote access software<\/span><\/td>\n<\/tr>\n<tr>\n<td><strong><span style=\"color: #000000;\">Impact<\/span><\/strong><\/td>\n<td>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1436 <\/span><span style=\"font-weight: 400;\">Data encrypted for impact<\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1489 <\/span><span style=\"font-weight: 400;\">Service stop<\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1490 <\/span><span style=\"font-weight: 400;\">Inhibit system recovery<\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-weight: 400;\">T1491 <\/span><span style=\"font-weight: 400;\">Defacement<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0fcc40b elementor-widget elementor-widget-spacer\" data-id=\"0fcc40b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-de5f2fb elementor-widget elementor-widget-text-editor\" data-id=\"de5f2fb\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h3><strong>Indicators of Compromise<\/strong><\/h3><table dir=\"ltr\" border=\"1\" cellspacing=\"0\" cellpadding=\"0\"><colgroup> <col width=\"300\" \/> <col width=\"800\" \/><\/colgroup><tbody><tr><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Key&quot;}\"><strong><span style=\"color: #000000;\">Key<\/span><\/strong><\/td><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Value&quot;}\"><strong><span style=\"color: #000000;\">Value<\/span><\/strong><\/td><\/tr><tr><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Platform&quot;}\"><strong><span style=\"color: #000000;\">Platform<\/span><\/strong><\/td><td style=\"text-align: left;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Windows\\nLinux\\nEXSi&quot;}\">Windows<br \/>Linux<br \/>EXSi<\/td><\/tr><tr><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Language&quot;}\"><strong><span style=\"color: #000000;\">Language<\/span><\/strong><\/td><td style=\"text-align: left;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;C++&quot;}\">C++<\/td><\/tr><tr><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Encrypting Algo's&quot;}\"><strong><span style=\"color: #000000;\">Encrypting Algo&#8217;s<\/span><\/strong><\/td><td style=\"text-align: left;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;RSA\\nAES-256(Toencryptfiles)\\nChaCha20Algof\\nencryptencrypteddata&quot;}\">RSA<br \/>AES-256(Toencryptfiles)<br \/>ChaCha20Algof<br \/>encry ptencrypteddata<\/td><\/tr><tr><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Mutex Name &quot;}\"><strong><span style=\"color: #000000;\">Mutex Name<\/span><\/strong><\/td><td style=\"text-align: left;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;ievah8eVki3Ho4oo&quot;}\">ievah8eVki3Ho4oo<\/td><\/tr><tr><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;API's&quot;}\"><strong><span style=\"color: #000000;\">API&#8217;s<\/span><\/strong><\/td><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Webshell\\nMoveFileW\\nRMStartSession\\nRmRegisterResources\\nRmGetList(toaccessthefilesf\\nencryption)\\nWNetOpenEnumA\\nWNetEnumResourceA\\n\\nWNetAddConnection2A(toenumerate\\nencryptthenetw\\nkresources)&quot;}\"><p style=\"text-align: left;\">Webshell<br \/>MoveFileW<br \/>RMStartSession<br \/>RmRegisterResources<br \/>RmGetList(toaccessthefilesf<br \/>encryption)<br \/>WNetOpenEnumA<br \/>WNetEnumResourceA<\/p><p style=\"text-align: left;\">WNetAddConnection2A(toenumerate<br \/>encryptthenetw<br \/>kresources)<\/p><\/td><\/tr><tr><td style=\"text-align: center;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;DLL's&quot;}\"><strong><span style=\"color: #000000;\">DLL&#8217;s<\/span><\/strong><\/td><td style=\"text-align: left;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;api-ms-win-c\\ne-datetime-l1-1-1\\napi-ms-win-c\\ne-file-l1-2-2\\napi-ms-win-c\\ne-localization-l1-2-1\\napi-ms-win-c\\ne-localization-obsolete-l1-2-0\\napi-ms-win-c\\ne-processthreads-l1-1-2\\napi-ms-win-c\\ne-string-l1-1-0\\napi-ms-win-c\\ne-sysinfo-l1-2-1\\napi-ms-win-c\\ne-winrt-l1-1-0\\napi-ms-win-c\\ne-xstate-l2-1-0\\napi-ms-win-security-systemfunctions-l1-1-0\\next-ms-win-ntuser-dialogbox-l1-1-0\\next-ms-win-ntuser-windowstation-l1-1-0\\napi-ms-win-appmodel-runtime-l1-1-2&quot;}\">api-ms-win-c<br \/>e-datetime-l1-1-1<br \/>api-ms-win-c<br \/>e-file-l1-2-2<br \/>api-ms-win-c<br \/>e-localization-l1-2-1<br \/>api-ms-win-c<br \/>e-localization-obsolete-l1-2-0<br \/>api-ms-win-c<br \/>e-processthreads-l1-1-2<br \/>api-ms-win-c<br \/>e-string-l1-1-0<br \/>api-ms-win-c<br \/>e-sysinfo-l1-2-1<br \/>api-ms-win-c<br \/>e-winrt-l1-1-0<br \/>api-ms-win-c<br \/>e-xstate-l2-1-0<br \/>api-ms-win-security-systemfunctions-l1-1-0<br \/>ext-ms-win-ntuser-dialogbox-l1-1-0<br \/>ext-ms-win-ntuser-windowstation-l1-1-0<br \/>api-ms-win-appmodel-runtime-l1-1-2<\/td><\/tr><tr><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;AvosLocker using tools to access device\/host&quot;}\"><strong><span style=\"color: #000000;\">AvosLocker Using Tools to Access Device\/Host<\/span><\/strong><\/td><td style=\"text-align: left;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;CobaltStrike\\nEncodedPowerShellscripts(publiclyavailabletool)\\nPuTTYSecureCopyclienttool\u201cpscp.exe\u201d\\nRclone\\nAnydesk\\nScanner\\nAdvancedIPscanner\\nWinLister\\nChisel\\nPDQDeploy(PDQDeploytopushoutWindowsbatchscriptstomachinestheyplannedtotarget.)&quot;}\">CobaltStrike<br \/>EncodedPowerShellscripts(publiclyavailabletool)<br \/>PuTTYSecureCopyclienttool\u201cpscp.exe\u201d<br \/>Rclone<br \/>Anydesk<br \/>Scanner<br \/>AdvancedIPscanner<br \/>WinLister<br \/>Chisel<br \/>PDQDeploy(PDQDeploytopushoutWindowsbatchscriptstomachinestheyplannedtotarget.)<\/td><\/tr><tr><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Affected file extensions&quot;}\"><strong><span style=\"color: #000000;\">Affected File Extensions<\/span><\/strong><\/td><td style=\"text-align: left;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;ndoc\\ndocx\\nxls\\nxlsx\\nppt\\npptx\\npst\\nost\\nmsg\\neml\\nvsd\\nvsdx\\ntxt\\ncsv\\nrtf\\nwks\\nwk1\\npdf\\ndwg\\nonetoc2\\nsnt\\njpeg\\njpg\\ndocb\\ndocm\\ndot\\ndotm\\ndotx\\nxlsm\\nxlsb\\nxlw\\nxlt\\nxlm\\nxlc\\nxltx\\nxltm\\npptm\\npot\\npps\\nppsm\\nppsx\\nppam\\npotx\\npotm\\nedb\\nhwp\\n602\\nsxi\\nsti\\nsldx\\nsldm\\nsldm\\nvdi\\nvmdk\\nvmx\\ngpg\\naes\\nARC\\nPAQ\\nbz2\\ntbk\\nbak\\ntar\\ntgz\\ngz\\n7z\\nrar\\nzip\\nbackup\\niso\\nvcd\\nbmp\\npng\\ngif\\nraw\\ncgm\\ntif\\ntiff\\nnef\\npsd\\nai\\nsvg\\ndjvu\\nm4u\\nm3u\\nmid\\nwma\\nflv\\n3g2\\nmkv\\n3gp\\nmp4\\nmov\\navi\\nasf\\nmpeg\\nvob\\nmpg\\nwmv\\nfla\\nswf\\nwav\\nmp3\\nsh\\nclass\\njar\\njava\\nrb\\nasp\\nphp\\njsp\\nbrd\\nsch\\ndch\\ndip\\npl\\nvb\\nvbs\\nps1\\nbat\\ncmd\\njs\\nasm\\nh\\npas\\ncpp\\nc\\ncs\\nsuo\\nsln\\nldf\\nmdf\\nibd\\nmyi\\nmyd\\nfrm\\nodb\\ndbf\\ndb\\nmdb\\naccdb\\nsql\\nsqlitedb\\nsqlite3\\nasc\\nlay6\\nlay\\nmml\\nsxm\\notg\\nodg\\nuop\\nstd\\nsxd\\notp\\nodp\\nwb2\\nslk\\ndif\\nstc\\nsxc\\nots\\nods\\n3dm\\nmax\\n3ds\\nuot\\nstw\\nsxw\\nott\\nodt\\npem\\np12\\ncsr\\ncrt\\nkey\\npfx\\nder\\ndat&quot;}\">ndoc, docx, xls, xlsx, ppt, pptx, pst, ost, msg, eml, vsd, vsdx, txt, csv, rtf, wks, wk1, pdf, dwg, onetoc2, snt, jpeg, jpg, docb, docm, dot, dotm, dotx, xlsm, xlsb, xlw, xlt, xlm, xlc, xltx, xltm, pptm, pot, pps, ppsm, ppsx, ppam, potx, potm, edb, hwp, 602, sxi, sti, sldx, sldm, sldm, vdi, vmdk, vmx, gpg, aes, ARC, PAQ, bz2, tbk, bak, tar, tgz, gz, 7z, rar, zip, backup, iso, vcd, bmp, png, gif, raw, cgm, tif, tiff, nef, psd, ai, svg, djvu, m4u, m3u, mid, wma, flv, 3g2, mkv, 3gp, mp4, mov, avi, asf, mpeg, vob, mpg, wmv, fla, swf, wav, mp3, sh, class, jar, java, rb, asp, php, jsp, brd, sch, dch, dip, pl, vb, vbs, ps1, bat, cmd, js, asm, h, pas, cpp, c, cs, suo, sln, ldf, mdf, ibd, myi, myd, frm, odb, dbf, db, mdb, accdb, sql, sqlitedb, sqlite3, asc, lay6, lay, mml, sxm, otg, odg, uop, std, sxd, otp, odp, wb2, slk, dif, stc, sxc, ots, ods, 3dm, max, 3ds, uot, stw, sxw, ott, odt, pem, p12, csr, crt, key, pfx, der, dat<\/td><\/tr><tr><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;AvosLocker encrypted files extension&quot;}\"><strong><span style=\"color: #000000;\">AvosLocker Encrypted Files Extension<\/span><\/strong><\/td><td style=\"text-align: left;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;.avos\\n.avos2\\nAvosLinux&quot;}\">.avos<br \/>.avos2<br \/>AvosLinux<\/td><\/tr><tr><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Batch scripts of AvosLocker&quot;}\"><strong><span style=\"color: #000000;\">Batch Scripts of AvosLocker<\/span><\/strong><\/td><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;execute.bat\\nLove.bat\\nUpdate.bat\\nlock.bat&quot;}\"><p style=\"text-align: left;\">execute.bat<br \/>Love.bat<br \/>Update.bat<br \/>lock.bat<\/p><\/td><\/tr><tr><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;virus Names to be used by Avoslocker&quot;}\"><strong><span style=\"color: #000000;\">Virus Names to be Used by Avoslocker<\/span><\/strong><\/td><td style=\"text-align: left;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Ransom:MSIL\/ApisCrypt\\n.PAA!MTB\\nTrojan-Banker.Win32.NeutrinoPOS.bnq\\nMSIL\/Filecoder.NR&quot;}\">Ransom:MSIL\/ApisCrypt<br \/>.PAA!MTB<br \/>Trojan-Banker.Win32.NeutrinoPOS.bnq<br \/>MSIL\/Filecoder.NR<\/td><\/tr><tr><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Sites&quot;}\"><strong><span style=\"color: #000000;\">Sites<\/span><\/strong><\/td><td style=\"text-align: left;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;http:\/\/avosxxxxxxxx.onion\\nhttp:\/\/avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion\\nhttp:\/\/avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion&quot;}\" data-sheets-hyperlinkruns=\"{&quot;1&quot;:0,&quot;2&quot;:&quot;http:\/\/avosxxxxxxxx.onion\/&quot;}\uee10{&quot;1&quot;:25}\uee10{&quot;1&quot;:27,&quot;2&quot;:&quot;http:\/\/avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion\/&quot;}\uee10{&quot;1&quot;:96}\uee10{&quot;1&quot;:98,&quot;2&quot;:&quot;http:\/\/avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion\/&quot;}\uee10{&quot;1&quot;:167}\"><a class=\"in-cell-link\" href=\"http:\/\/avosxxxxxxxx.onion\/\" target=\"_blank\" rel=\"noopener\">http:\/\/avosxxxxxxxx.onion<\/a><br \/><a class=\"in-cell-link\" href=\"http:\/\/avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion\/\" target=\"_blank\" rel=\"noopener\">http:\/\/avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion<br \/><\/a><a class=\"in-cell-link\" href=\"http:\/\/avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion\/\" target=\"_blank\" rel=\"noopener\">http:\/\/avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion<\/a><\/td><\/tr><tr><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Note File after encryption&quot;}\"><strong><span style=\"color: #000000;\">Note File after Encryption<\/span><\/strong><\/td><td style=\"text-align: left;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;GET_YOUR_FILES_BACK.txt(windows)\\nREADME_F\\n_REST\\nE.txt(Linux)&quot;}\">GET_YOUR_FILES_BACK.txt(windows)<br \/>README_F<br \/>_REST<br \/>E.txt(Linux)<\/td><\/tr><tr><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Hash 256&quot;}\"><strong><span style=\"color: #000000;\">Hash 256<\/span><\/strong><\/td><td style=\"text-align: left;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;cdca6936b880ab4559d3d96101e38f0cf58b87d07b0c7bf708d078c2bf209460\\n0cd7b6ea8857ce827180342a1c955e79c3336a6cf2000244e5cfd4279c5fc1b6\\n10ab76cd6d6b50d26fde5fe54e8d80fceeb744de8dbafddff470939fac6a98c4\\ne9a7b43acdddc3d2101995a2e2072381449054a7d8d381e6dc6ed64153c9c96a\\ne737c901b80ad9ed2cd800fec7c2554178c8afab196fb55a0df36acda1324721\\ncdca6936b880ab4559d3d96101e38f0cf58b87d07b0c7bf708d078c2bf209460\\n7c935dcd672c4854495f41008120288e8e1c144089f1f06a23bd0a0f52a544b1\\na0b4e3d7e4cd20d25ad2f92be954b95eea44f8f1944118a3194295c5677db749\\n43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856\\n7731a9e1e5fff9d912b1d238dcd92c2ba671a5ea55441bb7f14b05ed40039ce1\\n794f3d25c42d383fad485f9af1d6d7c0508bcfe8ed80a1afea0e0b51bf92bc81\\na58864dd006f0528f890c9e000e660f65ffe041ebd2bcb45903fb0228321cfb2\\n05ba2df0033e3cd5b987d66b6de545df439d338a20165c0ba96cde8a74e463e5\\nC0A42741EEF72991D9D0EE8B6C0531FC19151457A8B59BDCF7B6373D1FE56E02\\n6584cd273625ee121e330a981cc04e1f1d312356c9cccdb62932ea7aad53a731\\nda6e60b4e39c6c556836a18a09a52cd83c47f9cf6dc9e3ad298cbcb925a62a96\\n373a791f058539d72983e38ebe68e98132fcf996d04e9a181145f22a96689386\\nfc55f8b61cb79f2b85b8bf35ff1b80f49fc61a860aca7729f35449df4928cd9b\\n0c50992b87ba354a256dfe4356ffa98c8bc5dd231dab0a4dc64413741edb739b\\n5b7bed7349f6b1499b7eac111d7264101b13eeb9684830a4a93bab5f9d79d77e\\nbe19681b21f2a573b477444a788e00eb8dad2d740d11c02f14e878fe5b89fa70\\n33203ecb5c34c45dacf64c42c3a24cd4aeb2ceb26b0c58ba97fc8f33319da91b\\n3b58516758466c8129c4899f07e1e50ca98d913f7c13665aa446c75325b7c5d8&quot;}\">cdca6936b880ab4559d3d96101e38f0cf58b87d07b0c7bf708d078c2bf209460<br \/>0cd7b6ea8857ce827180342a1c955e79c3336a6cf2000244e5cfd4279c5fc1b6<br \/>10ab76cd6d6b50d26fde5fe54e8d80fceeb744de8dbafddff470939fac6a98c4<br \/>e9a7b43acdddc3d2101995a2e2072381449054a7d8d381e6dc6ed64153c9c96a<br \/>e737c901b80ad9ed2cd800fec7c2554178c8afab196fb55a0df36acda1324721<br \/>cdca6936b880ab4559d3d96101e38f0cf58b87d07b0c7bf708d078c2bf209460<br \/>7c935dcd672c4854495f41008120288e8e1c144089f1f06a23bd0a0f52a544b1<br \/>a0b4e3d7e4cd20d25ad2f92be954b95eea44f8f1944118a3194295c5677db749<br \/>43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856<br \/>7731a9e1e5fff9d912b1d238dcd92c2ba671a5ea55441bb7f14b05ed40039ce1<br \/>794f3d25c42d383fad485f9af1d6d7c0508bcfe8ed80a1afea0e0b51bf92bc81<br \/>a58864dd006f0528f890c9e000e660f65ffe041ebd2bcb45903fb0228321cfb2<br \/>05ba2df0033e3cd5b987d66b6de545df439d338a20165c0ba96cde8a74e463e5<br \/>C0A42741EEF72991D9D0EE8B6C0531FC19151457A8B59BDCF7B6373D1FE56E02<br \/>6584cd273625ee121e330a981cc04e1f1d312356c9cccdb62932ea7aad53a731<br \/>da6e60b4e39c6c556836a18a09a52cd83c47f9cf6dc9e3ad298cbcb925a62a96<br \/>373a791f058539d72983e38ebe68e98132fcf996d04e9a181145f22a96689386<br \/>fc55f8b61cb79f2b85b8bf35ff1b80f49fc61a860aca7729f35449df4928cd9b<br \/>0c50992b87ba354a256dfe4356ffa98c8bc5dd231dab0a4dc64413741edb739b<br \/>5b7bed7349f6b1499b7eac111d7264101b13eeb9684830a4a93bab5f9d79d77e<br \/>be19681b21f2a573b477444a788e00eb8dad2d740d11c02f14e878fe5b89fa70<br \/>33203ecb5c34c45dacf64c42c3a24cd4aeb2ceb26b0c58ba97fc8f33319da91b<br \/>3b58516758466c8129c4899f07e1e50ca98d913f7c13665aa446c75325b7c5d8<\/td><\/tr><tr><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Hash SHA 1&quot;}\"><strong><span style=\"color: #000000;\">Hash SHA 1<\/span><\/strong><\/td><td style=\"text-align: left;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;05c63ce49129f768d31c4bdb62ef5fb53eb41b54\\n6f110f251860a7f6757853181417e19c28841eb4\\n9c8f5c136590a08a3103ba3e988073cfd5779519\\ne8c26db068914df2083512ff8b24a2cc803ea498\\ndab33aaf01322e88f79ffddcbc95d1ad9ad97374\\ne60ef891027ac1dade9562f8b1de866186338da1\\n67f0c8d81aefcfc5943b31d695972194ac15e9f2\\n2f3273e5b6739b844fe33f7310476afb971956dd\\nf6f94e2f49cd64a9590963ef3852e135e2b8deba\\n&quot;}\">05c63ce49129f768d31c4bdb62ef5fb53eb41b54<br \/>6f110f251860a7f6757853181417e19c28841eb4<br \/>9c8f5c136590a08a3103ba3e988073cfd5779519<br \/>e8c26db068914df2083512ff8b24a2cc803ea498<br \/>dab33aaf01322e88f79ffddcbc95d1ad9ad97374<br \/>e60ef891027ac1dade9562f8b1de866186338da1<br \/>67f0c8d81aefcfc5943b31d695972194ac15e9f2<br \/>2f3273e5b6739b844fe33f7310476afb971956dd<br \/>f6f94e2f49cd64a9590963ef3852e135e2b8deba<\/td><\/tr><tr><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Hash MD5&quot;}\"><strong><span style=\"color: #000000;\">Hash MD5<\/span><\/strong><\/td><td style=\"text-align: left;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;e09183041930f37a38d0a776a63aa673\\nd3cafcd46dea26c39dec17ca132e5138\\nf659d1d15d2e0f3bd87379f8e88c6b42\\nafed45cd85a191fe3b2543e3ae6aa811\\n31f8eedc2d82f69ccc726e012416ce33\\na39b4bea47c4d123f8195a3ffb638a1b\\n504bd1695de326bc533fde29b8a69319\\neb45ff7ea2ccdcceb2e7e14f9cc01397\\nd285f1366d0d4fdae0b558db690497ea\\ncf0c2513b6e074267484d204a1653222&quot;}\">e09183041930f37a38d0a776a63aa673<br \/>d3cafcd46dea26c39dec17ca132e5138<br \/>f659d1d15d2e0f3bd87379f8e88c6b42<br \/>afed45cd85a191fe3b2543e3ae6aa811<br \/>31f8eedc2d82f69ccc726e012416ce33<br \/>a39b4bea47c4d123f8195a3ffb638a1b<br \/>504bd1695de326bc533fde29b8a69319<br \/>eb45ff7ea2ccdcceb2e7e14f9cc01397<br \/>d285f1366d0d4fdae0b558db690497ea<br \/>cf0c2513b6e074267484d204a1653222<\/td><\/tr><tr><td data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;AvosLocker service name&quot;}\"><strong><span style=\"color: #000000;\">AvosLocker Service Name<\/span><\/strong><\/td><td style=\"text-align: left;\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Ransom.Win32.AVOSLOCKER.SMYXBLNT\\nRansom.Win32.AVOSLOCKER.YPBLU&quot;}\">Ransom.Win32.AVOSLOCKER.SMYXBLNT<br \/>Ransom.Win32.AVOSLOCKER.YPBLU<\/td><\/tr><\/tbody><\/table>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-50257ce elementor-widget elementor-widget-spacer\" data-id=\"50257ce\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-186e186 elementor-widget elementor-widget-menu-anchor\" data-id=\"186e186\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div id=\"Products-Affected-by-AvosLocker-Ransomware-Vulnerabilities\" class=\"elementor-menu-anchor\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-992c2d0 elementor-widget elementor-widget-heading\" data-id=\"992c2d0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Products Affected by AvosLocker Ransomware Vulnerabilities<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-70aefc4 elementor-widget elementor-widget-spacer\" data-id=\"70aefc4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-72bee00 elementor-widget elementor-widget-text-editor\" data-id=\"72bee00\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><strong>There are two vulnerabilities with a significant number of products affected. Both vulnerabilities are exploited by AvosLocker. Here are the products these vulnerabilities affect:<\/strong><\/p><p><b><br \/><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-44228\" target=\"_blank\" rel=\"noopener\">CVE-2021-44228<\/a><\/b><span style=\"font-weight: 400;\">: A high-risk vulnerability rated critical in CVSS v3 (10) exists in Apache Log4j. This vulnerability exists in 176 products from 21 vendors. Notable among them are vendors such as Oracle, Red Hat, Apache, Novell, Amazon, Cisco, SonicWall, and others. This remote code execution vulnerability is exploited by six ransomware gangs: AvosLocker, Conti, Khonsari, Night Sky, Cheerscrypt, and TellYouThePass. This vulnerability, too, is a point of interest for hackers and was found trending as of December 10, 2022, which is probably why CISA has included it as part of the CISA KEV catalog.<\/span><\/p><p><b><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-45046\" target=\"_blank\" rel=\"noopener\">CVE-2021-45046<\/a>: <\/b><span style=\"font-weight: 400;\">This high-risk vulnerability is rated critical in CVSS v3 (9), and it exists in 16 vendors and 93 products. Notable among the vendors that are vulnerable to this CVE are Intel, Apache, NetApp, Red Hat, and many others. This vulnerability was newly associated with the AvosLocker ransomware in 2022 and had been trending since December 12, 2022. CISA has not prioritized this vulnerability as a KEV yet, but Securin experts highly recommended that CISA adds it to the catalog.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-585dba1 elementor-widget elementor-widget-spacer\" data-id=\"585dba1\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-63115ec elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"63115ec\" data-element_type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-c73a06e\" data-id=\"c73a06e\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-83c1f0b elementor-widget elementor-widget-heading\" data-id=\"83c1f0b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">How We Can Help?<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3832329 elementor-widget elementor-widget-text-editor\" data-id=\"3832329\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><b><\/b>Securin has been researching\u00a0ransomware groups and the methods they use\u00a0to invade networks since 2019. Our comprehensive database of more than 359 vulnerabilities (and counting) used by ransomware groups is the most extensive compilation in the industry today. Securin\u2019s expertise in ransomware research translates into our\u00a0<a style=\"transition-property: all;\" href=\"\/ransomware\/\">Ransomware reports<\/a> and Ransomware Assessment service that can help organizations increase their security posture.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2344337 elementor-align-center elementor-widget elementor-widget-button\" data-id=\"2344337\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-xl\" href=\"\/ransomware\/\" target=\"_blank\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t<span class=\"elementor-button-text\">GET STARTED TODAY!<\/span>\n\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-faa8141 elementor-widget elementor-widget-spacer\" data-id=\"faa8141\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>AvosLocker made a name for itself by targeting critical infrastructure in 2021 and is still worth monitoring today.<\/p>\n","protected":false},"author":1,"featured_media":16945,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":""},"categories":[80,117],"tags":[623,442,625,91],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/16763"}],"collection":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/comments?post=16763"}],"version-history":[{"count":67,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/16763\/revisions"}],"predecessor-version":[{"id":18834,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/16763\/revisions\/18834"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media\/16945"}],"wp:attachment":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media?parent=16763"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/categories?post=16763"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/tags?post=16763"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}