IOC Radar
TLP:WHITE3 IOCs

CrownX Ransomware Embedded Inside Avalon Framework Targets Recovery and Backup Systems

CP
Cyber Press
Published July 4, 2026Original Report

Threat Actors

Malware Families

Diamond Model

SOCIAL AXISTECHNOLOGY AXISADVERSARYSandwormINFRASTRUCTUREhttps://helloxcherry.…CAPABILITYPsExecVICTIMunknown
Adversary(1)
Infrastructure(1)
Capability(1)
Victim

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise3

TypeIndicatorConfidenceScoreFirst Seen
SHA256e3ec5926a167d6e3359f98cdfb7ac3b2cce97652843056505d02e6d2898573c6
botnetfile-hashintel-blog
Medium
53
Jul 4, 26
URLhttps://helloxcherry.com/cdn/static/c3587edc48c37656b29bcd3da9458eea/update 
intel-blogloadermalware
High
58
Jul 4, 26
MD5c3587edc48c37656b29bcd3da9458eea
file-hashindicatorintel-blog
Medium
45
Jul 3, 26

IOC Relationship Graph

IOC Relationship Graph3 total IOCs
SHA256URLMD5
SHA2561URL1MD51Actors1Malware1REPORTCrownX Ransomware EmbeddedSandwormPsExec
scroll to zoom · drag to pan · click IOC to open