Avaddon

Description

Avaddon is ransomware targeting Windows systems, often spread via malicious spam. The first known attack in which Avaddon was distributed was in February 2020. Avaddon encrypts files using the .avdn extension and uses a Tor payment site for the ransom payment.

External Analysis (41)
https://www.acronis.com/en-us/articles/avaddon-ransomware
https://www.cyber.gov.au/sites/default/files/2021-05/2021-003%20Ongoing%20campaign%20using%20Avaddon%20Ransomware%20-%2020210508.pdf
https://arxiv.org/pdf/2102.04796.pdf
https://atos.net/en/lp/securitydive/avaddon-ransomware-analysis
https://awakesecurity.com/blog/threat-hunting-for-avaddon-ransomware/
https://docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3
https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf
https://ke-la.com/how-ransomware-gangs-find-new-monetization-schemes-and-evolve-in-marketing/
https://labs.sentinelone.com/avaddon-raas-breaks-public-decryptor-continues-on-rampage/
https://medium.com/s2wlab/quick-analysis-of-haron-ransomware-feat-avaddon-and-thanos-1ebb70f64dc4
https://medium.com/s2wlab/w4-jan-en-story-of-the-week-ransomware-on-the-darkweb-7595544363b1
https://news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/
https://public.intel471.com/blog/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer/
https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf
https://therecord.media/avaddon-ransomware-operation-shuts-down-and-releases-decryption-keys/
https://therecord.media/darkside-ransomware-gang-says-it-lost-control-of-its-servers-money-a-day-after-biden-threat/
https://threatconnect.com/blog/threatconnect-research-roundup-probable-sandworm-infrastructure
https://twitter.com/Securityinbits/status/1271065316903120902
https://twitter.com/dk_samper/status/1348560784285167617
https://vulnerability.ch/2021/04/ransomware-and-date-leak-site-publication-time-analysis/
https://www.advanced-intel.com/post/the-rise-demise-of-multi-million-ransomware-business-empire
https://www.bleepingcomputer.com/news/security/another-ransomware-now-uses-ddos-attacks-to-force-victims-to-pay/
https://www.bleepingcomputer.com/news/security/avaddon-ransomware-shuts-down-and-releases-decryption-keys/
https://www.connectwise.com/resources/avaddon-profile
https://www.coveware.com/blog/ransomware-attack-vectors-shift-as-new-software-vulnerability-exploits-abound
https://www.cronup.com/post/de-ataque-con-malware-a-incidente-de-ransomware
https://www.crowdstrike.com/blog/big-game-hunting-on-the-rise-again-according-to-ecrime-index/
https://www.crowdstrike.com/blog/how-big-game-hunting-ttps-shifted-after-darkside-pipeline-attack/
https://www.cyber.gov.au/sites/default/files/2021-05/2021-003%20Ongoing%20campaign%20using%20Avaddon%20Ransomware%20-%2020210508.pdf
https://www.cyborgsecurity.com/cyborg_labs/hunting-ransomware-inhibiting-system-backup-or-recovery/
https://www.hornetsecurity.com/en/security-information/avaddon-from-seeking-affiliates-to-in-the-wild-in-2-days/
https://www.hornetsecurity.com/en/security-informationen-en/leakware-ransomware-hybrid-attacks/
https://www.mandiant.com/resources/chasing-avaddon-ransomware
https://www.pwc.co.uk/issues/cyber-security-services/insights/what-is-behind-ransomware-attacks-increase.html
https://www.splunk.com/en_us/blog/security/gone-in-52-seconds-and-42-minutes-a-comparative-analysis-of-ransomware-encryption-speed.html
https://www.splunk.com/en_us/pdfs/resources/whitepaper/an-empirically-comparative-analysis-of-ransomware-binaries.pdf
https://www.swascan.com/it/avaddon-ransomware/
https://www.tgsoft.it/files/report/download.asp?id=568531345
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-report-avaddon-and-new-techniques-emerge-industrial-sector-targeted
https://www.welivesecurity.com/la-es/2021/05/31/ransomware-avaddon-principales-caracteristicas/
https://www.zdnet.com/article/the-malware-that-usually-installs-ransomware-and-you-need-to-remove-right-away/
Ransom notes (1)
URLs (1)
http://avaddongun7rngel.onion - Status: Down, Uptime 30d: 0%
Chat servers (1)
http://avaddonbotrxmuyl.onion/ - Status: Down, Uptime 30d: 0%
Posts (142)
EFCO forms
Sky Leasing, LLC
Golden Aluminum
J.C. Cannistraro
Lonrho
American Bank Systems INC
Brown Robert LLP
National AIDS Control Council
Monterey Bay Air Resources District
Dade City Florida
KOE
AHT Global
Garvin Promotion Group, LLC
NetVigour Inc
Intensive Care On-Line Network , Inc
Payzant Building Products Ltd
International Longshore & Warehouse Union
Marolles-en-Brie
Finalyse
BIOREP TECHNOLOGIES, INC.
MK-Technik
Allanasons Ltd
American Heart of Poland Inc
PT Asuransi Bintang Tbk
VAUGHN CONCRETE PRODUCTS, INC
Groupe Qualinet Inc.
Somerset ISD
FBL Advogados
Hardy Buoys Smoked Fish Inc.
KEITH MACHINERY CORP.
BEE LINE LOGISTICS, INC
Elite Software Inc
MundoFertil
SVI ASSURANCES
UNIVERSAL ACCOUNTING SERVICES INC
The Capital Medical Center
Mullins Food Products Inc
JFC International (Europe)
Carnegie Wave Energy
Grand Power Systems
VERIHA TRUCKING INC
Party Rental LTD
Prefeitura Municipal de Saquarema
CELL Foods Inc.
CASHMAG
Doré Law Group P.C
Omni Manufacturing, Inc.
FUTURIMPLANTS
ANLEC R&D
La compagnie du SAV
SISCONT
AlohaABA
Zhuhai Languan Electronic Technology Co., Ltd
Schneider & Branch
Mikro Trading
Basque Center for Applied Mathematics-BCAM
Targetcom
Steel Art Signs Corp.
BRIDGEWAY SENIOR HEALTHCARE
SOVRIN PLASTICS LIMITED
Millwright Regional Council of Ontario
Gorzynski
ALIZON
CERINNOV, UNIPESSOAL, LDA
BDhouse
Indonesia Infrastructure Guarantee Fund
Município de Constância
Grupo Prilux
Cambridge Weight Plan Ltd
ASBIS CZ, spol. s r.o.
HealthCare Global Enterprises Ltd
MITCHAM INDUSTRIES INC
B.W. Wilson Paper
Aldes
Coburn Supply Company , Inc.
DBMSC Steel
EROWA LTD
Logixal
Dicon Fiberoptics Inc
BIANCHI VENDING
Exedy Corporation
Active Business & Technology
MSPharma
Hames Homes LLC
Greatwide Truckload
CJ Selecta S/A
Presque Isle Police Department
ADUANAS Y SERVICIOS FORNESA SL
Innovative Office Solutions LLC
Partit Nazzjonalista
Cathar Games
OLOMOUC
MUNICIPIO DE QUATRO BARRAS
Newcomb Secondary College
COMUNE DI VILLAFRANCA D'ASTI
CNE
Farrells
SC TECHNOSEAL SERVICES SRL
MEDUNA vakuová kalírna s.r.o
Construct
Diacom
LG Vina Chemical
Schepisi Communications
EUROMAIS - PEÇAS E PNEUS, LDA
SPINE & DISC
Cocal
Glasbau Wiedemann GmbH
Cinov Federation
TAIWAN SURFACE MOUNTING TECHNOLOGY CORP.
Coindu
ULTRACEUTICALS PTY LIMITED
DOCTUM PHARMACEUTICAL Κ. T. YIOKARIS & CO S.A.
MEGAPOLIS HOLDINGS (OVERSEAS) LIMITED
NIJMAN / ZEETANK International Transport Sp. z o. o.
ACER FINANCE
PT Angkasa Pura I
Henry Oil & Gas
SL Corporation
Letton Percival
Vistex
EVGA
AXA Group
RINGSPANN GmbH
Solvere LLC
PKMK law&finance s.r.o
360 InStore
Maryan beachwear group GmbH
JetSJ
Rate Rabbit Inc
Halwani Bros Ltd
Cube Audit Ltd
FEBANCOLOMBIA
Ballas Capital Limited
Servilex Advocaten
Johann Kupp GmbH & Co. KG
Carlos Federspiel & Co SA
Buckeye International Inc
LE VOLCAN
Syndex
Inventec Appliances Corp
Imperial Printing and Paper Box Mfg
Accounts IQ
Note