Latest Posts
13 Oct 2024
Fog Ransomware – Technical Analysis
Table of Contents: Technical investigation; Malware Configuration; File Encryption; Crypto Initialization; Stopping services; Process Termination; Removing Backups; Indicators of Compromise. What is Fog? In June, [Arctic Wolf Labs] reported the deployment of a new ransomware named Fog Ransomware. According to their report, the ransomware was seen in several incident response cases, affecting education and […]
17 Aug 2024
Sidewinder APT – Phishing on Pakistan
Introduction: On July 30th, [StrikeReady Labs] reported the discovery of a malicious **LNK** file. This file is designed to download a PowerShell script from the URL management.xuzeest[.]buzz/DSC30/. The Dark Atlas Squad has been closely monitoring this Advanced Persistent Threat (APT), attributed to SideWinder, an Indian threat group that has been active since at least 2012. SideWinder primarily focuses […]
27 Jul 2024
Medusa Ransomware Group’s OPSEC Failure: Infiltrating Their Cloud Storage
Dark Atlas Squad recently responded to a ransomware incident carried out by Medusa Ransomware Group. Their OPSEC failure allowed us to infiltrate their cloud account for a certain amount of time and access the data they had been exfiltrating over time.