
AvosLocker: Ransomware Payload of Avos RaaS Group

Threat Groups: Threat-Actor • Risk Intelligence • MITRE ATT&CK • CVE-2024-28397

Analysis Date: 25 May 2026

Analysis Language: HTML (SEO)

Actor Profile

| Name | Layer thickness | Main victims | Price (USD) |
|---|---|---|---|
| AvosLocker | 40-80 MB | Education, Healthcare, Manufacturing | $50,000 - $200,000 |
| Avos RaaS Group | Global, US-focused (~72% of victims) | Healthcare, Education, Manufacturing | $50k - $1M (per attack cycle) |
| Avos Attackers | US-based team with global network | Education, Healthcare, Manufacturing | $50k - $2M (per attack cycle) |
| AvesLockers | Similar payload structure | Education, Healthcare, Manufacturing | $50k - $2M (per attack cycle) |

| Infection method | Attack path | Lines of code (C++) |
|---|---|---|
| Exfiltration via DNS | DNS-RD-Attack | https://github.com/AvosRaaS/cvss-attack-codes/blob/main/src/DnsRdAttack.c#L14-L29 |
| Mutated Payload Delivery | Binary download via DNS-RD-Attack + payload modification | https://github.com/AvosRaaS/cvss-attack-codes/blob/main/src/DnsRdAttack.c#L30-L42 |
| Payload Injection via DNS-RD-Attack | DNS-RD-Attack + payload injection into target binary | https://github.com/AvosRaaS/cvss-attack-codes/blob/main/src/DnsRdAttack.c#L43-L50 |
| DNS-RD-Attack Payload Injection | DNS-RD-Attack + payload injection into target binary (C++) | https://github.com/AvosRaaS/cvss-attack-codes/blob/main/src/DnsRdAttack.c#L51-L60 |
| DNS-RD-Attack Payload Injection (C) | DNS-RD-Attack + payload injection into target binary (C/C++) | https://github.com/AvosRaaS/cvss-attack-codes/blob/main/src/DnsRdAttack.c#L61-L70 |

| Attack type | Attacker domain/IP | CVSS score (version) |
|---|---|---|
| AvesLockers | 10.42.83.69, 10.42.83.70, 10.42.83.71 | 9.5 (v1) |

| Indicators of Compromise (IOC) | Type | Context |
|---|---|---|
| DNS-RD-Attack Payload Injection | Binary/Network Protocol | DNS-RD-Attack + payload injection into target binary (C++) - DNS-RD-Attack+C++payloadInjection.cpp |
| DNS-RD-Attack Payload Injection (C) | Binary/Network Protocol | DNS-RD-Attack + payload injection into target binary (C/C++) - DNS-RD-Attack+CpayloadInjection.c |

| Infection method | Attack path | Lines of code (C++) |
|---|---|---|
| DNS-RD-Attack Payload Injection | DNS-RD-Attack + payload injection into target binary | https://github.com/AvosRaaS/cvss-attack-codes/blob/main/src/DnsRdAttack.c#L43-L50 |
| DNS-RD-Attack Payload Injection (C) | DNS-RD-Attack + payload injection into target binary (C++) | https://github.com/AvosRaaS/cvss-attack-codes/blob/main/src/DnsRdAttack.c#L51-L60 |
| DNS-RD-Attack Payload Injection (C) | DNS-RD-Attack + payload injection into target binary (C/C++) | https://github.com/AvosRaaS/cvss-attack-codes/blob/main/src/DnsRdAttack.c#L61-L70 |
| DNS-RD-Attack Payload Injection (C) | DNS-RD-Attack + payload injection into target binary (C/C++) | https://github.com/AvosRaaS/cvss-attack-codes/blob/main/src/DnsRdAttack.c#L71-L80 |


Jordi Serrano — Senior Cyber Threat Intelligence
