hacker-news · Crawled Jul 5, 2026

New Avalon Malware Framework Packs CrownX Ransomware Capabilities

3 IoCs · 1 CVE

AI Summary

A new modular malware framework dubbed Avalon has been discovered. It runs a multi-stage attack chain covering credential theft, lateral movement, and finally ransomware deployment through its CrownX component. The chain begins with a phishing email that points the victim to a password-protected archive hosted on Proton Drive; the archive delivers a malicious ISO image. The framework uses layered defense-evasion techniques, disables recovery mechanisms, and exfiltrates sensitive data before it encrypts systems, so the operators hold both a decryption key and stolen data over the victim. Notably, Avalon shows signs of AI-assisted development, which lowers the barrier for less sophisticated actors to field complex malware.

AI-extracted · verify before operational use


Indicators of Compromise (3 extracted)

Type      Value
Domain    helloxcherry[.]com
Domain    api.groq[.]com
Filename  Secure Document CA-283505.pdf.lnk

Two caveats before these go into a blocklist. api.groq[.]com is the public API endpoint of Groq, a legitimate LLM inference service, so a match is context to investigate rather than grounds for a block on its own; confirm from the original report what role the report assigns to it. The filename uses a double extension: it is a Windows shortcut (.lnk) named to look like a PDF, which Explorer renders as "Secure Document CA-283505.pdf" when known extensions are hidden, so hunt on the pattern (a document extension followed by .lnk) and not only on this exact name.
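The following is an added example, not code from the original article or from the Avalon report: a small Python hunting script that refangs the three indicators above and runs them, together with the double-extension shortcut heuristic, over constructed proxy and Sysmon-style file-creation log lines. The log lines, the field names (dst=, TargetFilename=) and the decision to down-weight api.groq.com as a low-confidence indicator are assumptions made for the example.

```python
"""Hunt constructed log lines for the Avalon IoCs listed on the page (added example)."""
import re
from dataclasses import dataclass

# Indicators exactly as the page lists them (defanged with [.]).
PAGE_DOMAINS = ["helloxcherry[.]com", "api.groq[.]com"]
PAGE_FILENAMES = ["Secure Document CA-283505.pdf.lnk"]

# Assumption (not from the page): api.groq.com is the public endpoint of a
# legitimate LLM inference service, so a hit is reported as low confidence
# rather than as a confirmed compromise, to avoid false positives on benign use.
LOW_CONFIDENCE_DOMAINS = {"api.groq.com"}

# Heuristic (assumption): a shortcut whose name ends in a document extension
# followed by .lnk is a lure pattern, generalising the page's filename.
DOUBLE_EXT_LNK = re.compile(r"\.(?:pdf|docx?|xlsx?|txt)\.lnk$", re.IGNORECASE)


def refang(ioc: str) -> str:
    """Turn a defanged indicator such as example[.]com back into example.com."""
    return ioc.replace("[.]", ".").replace("hxxp", "http")


def domain_pattern(domain: str) -> re.Pattern:
    """Match the domain or any subdomain of it, but not look-alikes such as xapi.groq.com."""
    return re.compile(r"(?<![\w-])" + re.escape(domain) + r"(?![\w-])", re.IGNORECASE)


DOMAIN_PATTERNS = [(refang(d), domain_pattern(refang(d))) for d in PAGE_DOMAINS]
FILENAME_SET = {f.lower() for f in PAGE_FILENAMES}


@dataclass
class Hit:
    line_no: int
    rule: str
    confidence: str
    evidence: str


def scan_line(line_no: int, line: str) -> list[Hit]:
    """Return every indicator or heuristic match found in one log line."""
    hits = []
    for domain, pattern in DOMAIN_PATTERNS:
        if pattern.search(line):
            conf = "low" if domain in LOW_CONFIDENCE_DOMAINS else "high"
            hits.append(Hit(line_no, "ioc_domain", conf, domain))
    # Sysmon-style file-creation events carry the created path in TargetFilename=.
    m = re.search(r"TargetFilename=(.+?)(?:\s+\w+=|$)", line)
    if m:
        name = re.split(r"[\\/]", m.group(1).strip())[-1]
        if name.lower() in FILENAME_SET:
            hits.append(Hit(line_no, "ioc_filename", "high", name))
        elif DOUBLE_EXT_LNK.search(name):
            hits.append(Hit(line_no, "double_ext_lnk", "medium", name))
    return hits


def scan(lines) -> list[Hit]:
    """Scan an iterable of log lines; line numbers start at 1."""
    hits = []
    for i, line in enumerate(lines, 1):
        hits.extend(scan_line(i, line))
    return hits


# Constructed sample events (not real telemetry): a proxy CONNECT to the C2
# domain, the lure shortcut created on a mounted ISO (drive E:), a second
# shortcut matching only the heuristic, a call to the LLM API, and a benign line.
SAMPLE_LOGS = [
    "2026-07-01T10:02:11Z proxy host=WS-12 user=jdoe method=CONNECT dst=helloxcherry.com:443 status=200",
    "2026-07-01T10:02:40Z sysmon EventID=11 Image=C:\\Windows\\explorer.exe "
    "TargetFilename=E:\\Secure Document CA-283505.pdf.lnk User=CORP\\jdoe",
    "2026-07-01T10:03:05Z sysmon EventID=11 Image=C:\\Windows\\explorer.exe "
    "TargetFilename=E:\\Invoice Q2.docx.lnk User=CORP\\jdoe",
    "2026-07-01T10:05:12Z proxy host=DEV-07 user=asmith method=POST dst=api.groq.com:443 status=200",
    "2026-07-01T10:06:00Z proxy host=WS-12 user=jdoe method=GET dst=updates.example.com:443 status=200",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOGS):
        print(f"line {h.line_no}: {h.rule} [{h.confidence}] {h.evidence}")
```

Run against the constructed lines, the script reports the C2 domain and the exact lure filename as high-confidence hits, the second double-extension shortcut as medium, and the api.groq.com call as low; the benign line produces nothing. Feed real proxy or Sysmon exports in the same field format to use it for a first-pass hunt, and keep the confidence tiers when deciding what to escalate.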

MITRE ATT&CK TTPs (1 technique)