Avaddon

Description

Avaddon is ransomware that targets Windows systems and is often spread via malicious spam. The first known attack in which Avaddon was distributed took place in February 2020. Avaddon encrypts files using the extension .avdn and uses a Tor payment site for the ransom payment.

External Analysis
https://www.acronis.com/en-us/articles/avaddon-ransomware
https://www.cyber.gov.au/sites/default/files/2021-05/2021-003%20Ongoing%20campaign%20using%20Avaddon%20Ransomware%20-%2020210508.pdf
https://arxiv.org/pdf/2102.04796.pdf
https://atos.net/en/lp/securitydive/avaddon-ransomware-analysis
https://awakesecurity.com/blog/threat-hunting-for-avaddon-ransomware/
https://docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3
https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf
https://ke-la.com/how-ransomware-gangs-find-new-monetization-schemes-and-evolve-in-marketing/
https://labs.sentinelone.com/avaddon-raas-breaks-public-decryptor-continues-on-rampage/
https://medium.com/s2wlab/quick-analysis-of-haron-ransomware-feat-avaddon-and-thanos-1ebb70f64dc4
https://medium.com/s2wlab/w4-jan-en-story-of-the-week-ransomware-on-the-darkweb-7595544363b1
https://news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/
https://public.intel471.com/blog/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer/
https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf
https://therecord.media/avaddon-ransomware-operation-shuts-down-and-releases-decryption-keys/
https://therecord.media/darkside-ransomware-gang-says-it-lost-control-of-its-servers-money-a-day-after-biden-threat/
https://threatconnect.com/blog/threatconnect-research-roundup-probable-sandworm-infrastructure
https://twitter.com/Securityinbits/status/1271065316903120902
https://twitter.com/dk_samper/status/1348560784285167617
https://vulnerability.ch/2021/04/ransomware-and-date-leak-site-publication-time-analysis/
https://www.advanced-intel.com/post/the-rise-demise-of-multi-million-ransomware-business-empire
https://www.bleepingcomputer.com/news/security/another-ransomware-now-uses-ddos-attacks-to-force-victims-to-pay/
https://www.bleepingcomputer.com/news/security/avaddon-ransomware-shuts-down-and-releases-decryption-keys/
https://www.connectwise.com/resources/avaddon-profile
https://www.coveware.com/blog/ransomware-attack-vectors-shift-as-new-software-vulnerability-exploits-abound
https://www.cronup.com/post/de-ataque-con-malware-a-incidente-de-ransomware
https://www.crowdstrike.com/blog/big-game-hunting-on-the-rise-again-according-to-ecrime-index/
https://www.crowdstrike.com/blog/how-big-game-hunting-ttps-shifted-after-darkside-pipeline-attack/
https://www.cyborgsecurity.com/cyborg_labs/hunting-ransomware-inhibiting-system-backup-or-recovery/
https://www.hornetsecurity.com/en/security-information/avaddon-from-seeking-affiliates-to-in-the-wild-in-2-days/
https://www.hornetsecurity.com/en/security-informationen-en/leakware-ransomware-hybrid-attacks/
https://www.mandiant.com/resources/chasing-avaddon-ransomware
https://www.pwc.co.uk/issues/cyber-security-services/insights/what-is-behind-ransomware-attacks-increase.html
https://www.splunk.com/en_us/blog/security/gone-in-52-seconds-and-42-minutes-a-comparative-analysis-of-ransomware-encryption-speed.html
https://www.splunk.com/en_us/pdfs/resources/whitepaper/an-empirically-comparative-analysis-of-ransomware-binaries.pdf
https://www.swascan.com/it/avaddon-ransomware/
https://www.tgsoft.it/files/report/download.asp?id=568531345
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-report-avaddon-and-new-techniques-emerge-industrial-sector-targeted
https://www.welivesecurity.com/la-es/2021/05/31/ransomware-avaddon-principales-caracteristicas/
https://www.zdnet.com/article/the-malware-that-usually-installs-ransomware-and-you-need-to-remove-right-away/

Urls
http://avaddongun7rngel.onion

File servers

Chat servers
http://avaddonbotrxmuyl.onion/

Posts

Date  Title
2021-09-09  EFCO forms
2021-09-09  Sky Leasing, LLC
2021-09-09  Golden Aluminum
2021-09-09  J.C. Cannistraro
2021-09-09  Lonrho
2021-09-09  American Bank Systems INC
2021-09-09  Brown Robert LLP
2021-09-09  National AIDS Control Council
2021-09-09  Monterey Bay Air Resources District
2021-09-09  Dade City Florida
2021-09-09  KOE
2021-09-09  AHT Global
2021-09-09  Garvin Promotion Group, LLC
2021-09-09  NetVigour Inc
2021-09-09  Intensive Care On-Line Network , Inc
2021-09-09  Payzant Building Products Ltd
2021-09-09  International Longshore & Warehouse Union
2021-09-09  Marolles-en-Brie
2021-09-09  Finalyse
2021-09-09  BIOREP TECHNOLOGIES, INC.
2021-09-09  MK-Technik
2021-09-09  Allanasons Ltd
2021-09-09  American Heart of Poland Inc
2021-09-09  PT Asuransi Bintang Tbk
2021-09-09  VAUGHN CONCRETE PRODUCTS, INC
2021-09-09  Groupe Qualinet Inc.
2021-09-09  Somerset ISD
2021-09-09  FBL Advogados
2021-09-09  Hardy Buoys Smoked Fish Inc.
2021-09-09  KEITH MACHINERY CORP.
2021-09-09  BEE LINE LOGISTICS, INC
2021-09-09  Elite Software Inc
2021-09-09  MundoFertil
2021-09-09  SVI ASSURANCES
2021-09-09  UNIVERSAL ACCOUNTING SERVICES INC
2021-09-09  The Capital Medical Center
2021-09-09  Mullins Food Products Inc
2021-09-09  JFC International (Europe)
2021-09-09  Carnegie Wave Energy
2021-09-09  Grand Power Systems
2021-09-09  VERIHA TRUCKING INC
2021-09-09  Party Rental LTD
2021-09-09  Prefeitura Municipal de Saquarema
2021-09-09  CELL Foods Inc.
2021-09-09  CASHMAG
2021-09-09  Doré Law Group P.C
2021-09-09  Omni Manufacturing, Inc.
2021-09-09  FUTURIMPLANTS
2021-09-09  ANLEC R&D
2021-09-09  La compagnie du SAV
2021-09-09  SISCONT
2021-09-09  AlohaABA
2021-09-09  Zhuhai Languan Electronic Technology Co., Ltd
2021-09-09  Schneider & Branch
2021-09-09  Mikro Trading
2021-09-09  Basque Center for Applied Mathematics-BCAM
2021-09-09  Targetcom
2021-09-09  Steel Art Signs Corp.
2021-09-09  BRIDGEWAY SENIOR HEALTHCARE
2021-09-09  SOVRIN PLASTICS LIMITED
2021-09-09  Millwright Regional Council of Ontario
2021-09-09  Gorzynski
2021-09-09  ALIZON
2021-09-09  CERINNOV, UNIPESSOAL, LDA
2021-09-09  BDhouse
2021-09-09  Indonesia Infrastructure Guarantee Fund
2021-09-09  Município de Constância
2021-09-09  Grupo Prilux
2021-09-09  Cambridge Weight Plan Ltd
2021-09-09  ASBIS CZ, spol. s r.o.
2021-09-09  HealthCare Global Enterprises Ltd
2021-09-09  MITCHAM INDUSTRIES INC
2021-09-09  B.W. Wilson Paper
2021-09-09  Aldes
2021-09-09  Coburn Supply Company , Inc.
2021-09-09  DBMSC Steel
2021-09-09  EROWA LTD
2021-09-09  Logixal
2021-09-09  Dicon Fiberoptics Inc
2021-09-09  BIANCHI VENDING
2021-09-09  Exedy Corporation
2021-09-09  Active Business & Technology
2021-09-09  MSPharma
2021-09-09  Hames Homes LLC
2021-09-09  Greatwide Truckload
2021-09-09  CJ Selecta S/A
2021-09-09  Presque Isle Police Department
2021-09-09  ADUANAS Y SERVICIOS FORNESA SL
2021-09-09  Innovative Office Solutions LLC
2021-09-09  Partit Nazzjonalista
2021-09-09  Cathar Games
2021-09-09  OLOMOUC
2021-09-09  MUNICIPIO DE QUATRO BARRAS
2021-09-09  Newcomb Secondary College
2021-09-09  COMUNE DI VILLAFRANCA D'ASTI
2021-09-09  CNE
2021-09-09  Farrells
2021-09-09  SC TECHNOSEAL SERVICES SRL
2021-09-09  MEDUNA vakuová kalírna s.r.o
2021-09-09  Construct
2021-09-09  Diacom
2021-09-09  LG Vina Chemical
2021-09-09  Schepisi Communications
2021-09-09  EUROMAIS - PEÇAS E PNEUS, LDA
2021-09-09  SPINE & DISC
2021-09-09  Cocal
2021-09-09  Glasbau Wiedemann GmbH
2021-09-09  Cinov Federation
2021-09-09  TAIWAN SURFACE MOUNTING TECHNOLOGY CORP.
2021-09-09  Coindu
2021-09-09  ULTRACEUTICALS PTY LIMITED
2021-09-09  DOCTUM PHARMACEUTICAL Κ. T. YIOKARIS & CO S.A.
2021-09-09  MEGAPOLIS HOLDINGS (OVERSEAS) LIMITED
2021-09-09  NIJMAN / ZEETANK International Transport Sp. z o. o.
2021-09-09  ACER FINANCE
2021-09-09  PT Angkasa Pura I
2021-09-09  Henry Oil & Gas
2021-09-09  SL Corporation
2021-09-09  Letton Percival
2021-09-09  Vistex
2021-09-09  EVGA
2021-09-09  AXA Group
2021-09-09  RINGSPANN GmbH
2021-09-09  Solvere LLC
2021-09-09  PKMK law&finance s.r.o
2021-09-09  360 InStore
2021-09-09  Maryan beachwear group GmbH
2021-09-09  JetSJ
2021-09-09  Rate Rabbit Inc
2021-09-09  Halwani Bros Ltd
2021-09-09  Cube Audit Ltd
2021-09-09  FEBANCOLOMBIA
2021-09-09  Ballas Capital Limited
2021-09-09  Servilex Advocaten
2021-09-09  Johann Kupp GmbH & Co. KG
2021-09-09  Carlos Federspiel & Co SA
2021-09-09  Buckeye International Inc
2021-09-09  LE VOLCAN
2021-09-09  Syndex
2021-09-09  Inventec Appliances Corp
2021-09-09  Imperial Printing and Paper Box Mfg
2021-09-09  Accounts IQ