{"id":46442,"date":"2022-05-02T00:00:00","date_gmt":"2022-05-02T00:00:00","guid":{"rendered":"urn:uuid:5d727d2e-eaa8-b86d-d0b8-95b78a144a73"},"modified":"2022-05-02T00:00:00","modified_gmt":"2022-05-02T00:00:00","slug":"avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell\/","title":{"rendered":"AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/e\/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-virus-scans-for-log4shell\/cover-avoslocker-disables-defense-with-driver-file-scans-log4shell.jpg\"><\/p>\n<p><span class=\"body-subhead-title\">Conclusion<\/span><\/p>\n<p>While AvosLocker has been documented abusing AnyDesk as its preferred application for lateral movement, we note that <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/k\/campaign-abusing-rats-uses-fake-websites.html\">other<\/a> remote access applications can also be abused in its place. We think the same can be said for the software deployment tool: the malicious actors can subsequently decide to replace it with, and abuse, other commercially available ones. 
In addition, aside from its availability, the specific rootkit driver file was chosen for its capability to execute in kernel mode (and therefore to operate at a high privilege).<\/p>\n<p>This variant is also capable of modifying other details of the installed security solutions, such as disabling the legal notice. Other modern ransomware, such as <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/ransomware-as-a-service-enabler-of-widespread-attacks\">Mespinoza\/Pysa<\/a>, modify the registries of infected systems during their respective routines to inform their victims that they have been compromised.<\/p>\n<p>Similar to previously documented malware and ransomware groups, AvosLocker takes advantage of the different vulnerabilities that have yet to be patched to get into organizations\u2019 networks. Once inside, the continuing trend of abusing legitimate tools and functions to mask malicious activities and actors\u2019 presence grows in sophistication. In this case, the attackers were able to study and use Avast\u2019s driver as part of their arsenal to disable other vendors\u2019 security products.<\/p>\n<p>However, and specific to this instance, the attempt to kill an anti-virus product, such as this variant\u2019s TaskKill, can also be foiled. In this example using Trend Micro Vision One, the attempt was unsuccessful, likely due to the product\u2019s self-protection feature, which allowed the sensors to continue sending data and block the noted routine. The visibility enabled by the platform allowed us as researchers to capture the extent of this ransomware\u2019s attack chain and replicate the driver file being abused to verify its function during compromise.<\/p>\n<p>Avast responded to our notification with this statement:<\/p>\n<p><i>&#8220;We can confirm the vulnerability in an old version of our driver aswArPot.sys, which we fixed in our Avast 21.5 released in June 2021. 
We also worked closely with Microsoft, so they released a block in the Windows operating system (10 and 11), so the old version of the Avast driver can&#8217;t be loaded to memory.<\/i><\/p>\n<p><i>The below example shows that the blocking works (output from the &#8220;sc start&#8221; command):<\/i><\/p>\n<p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;(SC) StartService FAILED 1275:<\/p>\n<p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;This driver has been blocked from loading<\/p>\n<p><i>The update from Microsoft for the Windows operating system was published in February as an optional update, and in Microsoft&#8217;s security release in April, so fully updated machines running Windows 10 and 11 are not vulnerable to this kind of attack.<\/i><\/p>\n<p><i>All consumer and business antivirus versions of Avast and AVG detect and block this AvosLocker ransomware variant, so our users are protected from this attack vector.<\/i><\/p>\n<p><i>For users of third-party antivirus software, to stay protected against this vulnerability, we recommend users to update their Windows operating system with the latest security updates, and to use a fully updated antivirus program.&#8221;<\/i><\/p>\n<p><span class=\"body-subhead-title\">Indicators of Compromise (IOCs)&nbsp;<\/span><\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/e\/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We found an AvosLocker ransomware variant using a legitimate anti-virus component to disable detection and blocking solutions. 
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":46443,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9546,9510,9538,9511,9508,9555,9513,9523,9539],"class_list":["post-46442","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-apttargeted-attacks","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-compliancerisks","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-endpoints","tag-trend-micro-research-exploitsvulnerabilities","tag-trend-micro-research-malware","tag-trend-micro-research-network","tag-trend-micro-research-ransomware"]}