[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:new-avalon-malware-framework-packs-crownx-ransomware-capabilities-mr7156ri":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":12,"action_required":17,"article_ids":18,"ioc_summary":20,"source_urls":21,"status":23,"expires_at":24,"created_at":25,"updated_at":26,"articles":27},"00620ef2-b47b-4803-9f93-a1a824355a36","New Avalon Malware Framework Packs CrownX Ransomware Capabilities","new-avalon-malware-framework-packs-crownx-ransomware-capabilities-mr7156ri","Avalon is a modular malware framework delivering CrownX ransomware through multi-stage phishing attacks. It combines credential theft, lateral movement, and destructive ransomware with advanced evasion techniques. Organizations face full encryption and disk structure damage with limited recovery options.","critical","advisory",[],[13,14,15,16],"Microsoft","MSBuild","Proton Drive","Blackpoint Cyber","Hunt for multi-stage phishing campaigns in email logs and monitor for lateral movement using stolen credentials. Block known Avalon IOCs at network perimeter and scan endpoints for CrownX artifacts. Check for suspicious remote access tool installations on critical systems.",[19],"0687be24-665d-45dc-8789-0e21003e4e06",null,[22],"https:\u002F\u002Fthehackernews.com\u002F2026\u002F07\u002Fnew-avalon-malware-framework-packs.html","active","2026-07-07T00:05:12.331+00:00","2026-07-05T00:05:18.164236+00:00","2026-07-05T00:05:43.610152+00:00",[28],{"id":19,"title":6,"url":22}]