AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
Common Information
Type Value
UUID 711ba857-53bc-4530-8925-091f7fd05959
Fingerprint 96119cd0a1371a85
Analysis status DONE
Considered CTI value 2
Text language
Published May 2, 2022, midnight
Added to db Oct. 15, 2024, 3:57 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline AvosLocker Ransomware Variant Abuses Driver File to Disable Antivirus, Scans for Log4shell
Title AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
Detected Hints/Tags/Attributes 82/1/27
Attributes
Type    #Events  Value
CVE          67  cve-2021-40539
CVE         397  cve-2021-44228
File          8  aswarpot.sys
File         11  test.jsp
File          6  keytool.exe
File          2  c:\manageengine\adselfservice plus\jre\bin\java.exe
File        456  mshta.exe
File       2126  cmd.exe
File          4  subshell.aspx
File          2  'aswarpot.sys
File        118  sc.exe
File          2  c:\windows\aswarpot.sys
File          5  endpointbasecamp.exe
File          3  responseservice.exe
File         29  pccntmon.exe
File          2  supportconnector.exe
File          2  aotagent.exe
File          5  cetasvc.exe
File          2  ivpagent.exe
File          4  tmwscsvc.exe
File          2  c:\temp\pass\start.exe
File        175  update.exe
File         48  trojan.bat
sha256        2  05ba2df0033e3cd5b987d66b6de545df439d338a20165c0ba96cde8a74e463e5
sha256        3  e81a8f8ad804c4d83869d7806a303ff04f31cce376c5df8aada2e9db2c1eeb98
sha256        2  ddcb0e99f27e79d3536a15e0d51f7f33c38b2ae48677570f36f5e92863db5a96
Url           2  http://xx.xx.xx.xx/subshell.aspx