{
    "type": "bundle",
    "id": "bundle--40d8d096-5f13-4b81-8825-487c92208802",
    "spec_version": "2.0",
    "objects": [
        {
            "modified": "2023-02-15T17:03:59.324Z",
            "name": "AvosLocker",
            "description": "[AvosLocker](https://attack.mitre.org/software/S1053) is ransomware written in C++ that has been offered via the Ransomware-as-a-Service (RaaS) model. It was first observed in June 2021 and has been used against financial services, critical manufacturing, government facilities, and other critical infrastructure sectors in the United States. As of March 2022, [AvosLocker](https://attack.mitre.org/software/S1053) had also been used against organizations in Belgium, Canada, China, Germany, Saudi Arabia, Spain, Syria, Taiwan, Turkey, the United Arab Emirates, and the United Kingdom.(Citation: Malwarebytes AvosLocker Jul 2021)(Citation: Trend Micro AvosLocker Apr 2022)(Citation: Joint CSA AvosLocker Mar 2022)",
            "x_mitre_platforms": [
                "Linux",
                "Windows"
            ],
            "x_mitre_deprecated": false,
            "x_mitre_domains": [
                "enterprise-attack"
            ],
            "x_mitre_version": "1.0",
            "x_mitre_contributors": [
                "Flavio Costa, Cisco"
            ],
            "x_mitre_aliases": [
                "AvosLocker"
            ],
            "type": "malware",
            "id": "malware--0945a1a5-a79a-47c8-9079-10c16cdfcb5d",
            "created": "2023-01-11T21:17:36.149Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "revoked": false,
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/software/S1053",
                    "external_id": "S1053"
                },
                {
                    "source_name": "Joint CSA AvosLocker Mar 2022",
                    "description": "FBI, FinCEN, Treasury. (2022, March 17). Indicators of Compromise Associated with AvosLocker Ransomware. Retrieved January 11, 2023.",
                    "url": "https://www.ic3.gov/Media/News/2022/220318.pdf"
                },
                {
                    "source_name": "Malwarebytes AvosLocker Jul 2021",
                    "description": "Hasherezade. (2021, July 23). AvosLocker enters the ransomware scene, asks for partners. Retrieved January 11, 2023.",
                    "url": "https://www.malwarebytes.com/blog/threat-intelligence/2021/07/avoslocker-enters-the-ransomware-scene-asks-for-partners"
                },
                {
                    "source_name": "Trend Micro AvosLocker Apr 2022",
                    "description": "Trend Micro Research. (2022, April 4). Ransomware Spotlight AvosLocker. Retrieved January 11, 2023.",
                    "url": "https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-avoslocker"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "labels": [
                "malware"
            ],
            "x_mitre_attack_spec_version": "3.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}