AvosLocker Ransomware Abuses Driver File to Disable AV and Scans for Log4shell
According to the analysis, the suspected entry point is the Zoho ManageEngine ADSelfService Plus (ADSS) exploit. Because network traffic details were not available, Trend Micro could not identify the exact CVE ID of the vulnerability the attacker used.
However, there are indications that they abused the same vulnerability previously documented by Synacktiv during a pentest, CVE-2021-40539.
The behavior they observed closely matched that write-up: creation of JSP files (test.jsp) and execution of keytool.exe with "null" parameters to run a crafted Java class/code.
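As an added example (not code from the Trend Micro analysis or the original post), a small detector that flags the two behaviors described above in constructed endpoint telemetry: JSP files written under the ADSelfService Plus install directory and keytool.exe launched with "null" arguments. The install path, the event line format and the sample events are assumptions made for illustration.

```python
import ntpath
from typing import List, Tuple

# Constructed sample endpoint telemetry, not taken from the original analysis.
# One event per line: kind|image_or_path|command_line (empty for file events).
# The ADSelfService Plus install directory is an assumed value.
SAMPLE_EVENTS = """\
file_create|C:\\ManageEngine\\ADSelfService Plus\\webapps\\adssp\\help\\test.jsp|
process_create|C:\\ManageEngine\\ADSelfService Plus\\jre\\bin\\keytool.exe|keytool.exe null null null
process_create|C:\\Windows\\System32\\svchost.exe|svchost.exe -k netsvcs
file_create|C:\\Users\\alice\\Documents\\report.docx|
process_create|C:\\ManageEngine\\ADSelfService Plus\\jre\\bin\\keytool.exe|keytool.exe -list -keystore cacerts
"""


def parse_event(line: str) -> Tuple[str, str, str]:
    """Split one telemetry line into (kind, path, command_line)."""
    kind, path, cmdline = line.split("|", 2)
    return kind, path, cmdline


def is_adss_path(path: str) -> bool:
    # Assumed directory name; adjust to the deployment being monitored.
    return "adselfservice plus" in path.lower()


def detect(events: str) -> List[Tuple[str, str]]:
    """Return (rule_name, evidence) for each event matching one of the two indicators."""
    alerts: List[Tuple[str, str]] = []
    for line in events.splitlines():
        if not line.strip():
            continue
        kind, path, cmdline = parse_event(line)
        base = ntpath.basename(path).lower()
        # Indicator 1: a JSP file dropped inside the ADSS web application tree.
        if kind == "file_create" and base.endswith(".jsp") and is_adss_path(path):
            alerts.append(("jsp_written_under_adss", path))
        # Indicator 2: keytool.exe invoked with "null" positional arguments.
        elif kind == "process_create" and base == "keytool.exe":
            args = cmdline.split()[1:]
            if any(a.lower() == "null" for a in args):
                alerts.append(("keytool_null_args", cmdline))
    return alerts


if __name__ == "__main__":
    for rule, evidence in detect(SAMPLE_EVENTS):
        print(f"{rule}: {evidence}")
```

A legitimate keytool.exe run (the last sample line) produces no alert, so the rule keys on the unusual "null" arguments rather than on the binary alone.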