Hello,
yes, we send ICMP Echo Requests with payload consisting of 32 'E's. The payload was chosen randomly.
The payload pattern is not restricted to a single company and anyone can use whatever he wants. Unfortunatelly, in this case it was chosen by the botnet and the same can happen even in case of 'AvastAvast...' pattern you're suggesting.
As the pings are deterministic (destination is one of our servers) I suggest extending the signature.
Best regards
Marek