AVCheck
AVCheck is a counter-antivirus service used by cybercriminals to test or validate malicious files against antivirus detection. The provided reporting identifies it as one of the larger criminal services of this type and states that authorities in the United States, Finland, and the Netherlands coordinated a takedown of its infrastructure. It is referenced alongside other disrupted cybercrime services and malware ecosystems, indicating its role as enabling infrastructure for broader criminal operations rather than as a standalone malware family. No specific infection vector, malware platform, targeted industry, technical behavior, or indicators of compromise are provided in the content.
Techniques & procedures
1 distinct technique documented for this family, organized by ATT&CK tactic.
Stealth
1 technique
Stealth
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Mentioned as a named cybercrime tool or malicious service disrupted in the broader crackdown, but no further technical detail is provided in the content.
AVCheck is a counter-antivirus service used by cybercriminals to test malware samples against antivirus products to evade detection.