Avaddon
Avaddon is a ransomware malware targeting Windows systems often spread via malicious spam. The first known attack where Avaddon ransomware was distributed was in February 2020. Avaddon encrypts files using the extension .avdn and uses a TOR payment site for the ransom payment.
External information
Victims
147
First Discovered
victim2021-02-01
Last Discovered
victim2021-09-09
Avg Delay
between attack and claimN/A
Infostealer
for victim with domainN/A
Known Locations (1)
Target (Available)
Top 5 Activity Sectors
- Government Facilities 2
- Healthcare and Public Health 1
- Energy 1
- Financial 1
Top 5 Countries
-
United States
3
-
Belgium
1
Heatmap (Available)
Ransom Notes (1)
Tools Used (Available)
| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
|
SoftPerfect NetScan
|
|
GMER
PowerTool
TDSSKiller
|
Mimikatz
SharpDump
|
PowerShell Empire
PowerSploit
|
|
|
Anonfiles
MEGA
ProtonMail
Sendspace
|
Vulnerabilities Exploited (0)
No vulnerabilities exploited available.
TTPs Matrix (0)
No TTPs available.
Negotiation Chats (7)
20210112
25 msgs
20210324
73 msgs
20210430
103 msgs
20210512
35 msgs
20210518
17 msgs
20210518_2
24 msgs
20210518_3
103 msgs
YARA Rules (0)
No YARA rules available.
Indicators of Compromise (IoCs) (0)
No IoCs available for this group.
