Latest Posts
25 Nov 2024
Helldown Ransomware Analysis
Table of Contents: Introduction; Data Leak Site (DLS) Analysis; Malware Configuration; Killing VMs: 1- Memory Allocation and Initialization (v1 and v8), 2- Listing VM Processes, 3- Parsing and Killing VMs by World ID; Key Generation: 1- Salsa Key Generation (`b_gen_salsa_key(0x10);`), 2- RSA Encryption of the Salsa Key (`b_rsa_enc((__int64)v3, 0x10);`), 3- Processing of Files (`b_work(v5);`), 4- […]
13 Oct 2024
Fog Ransomware – Technical Analysis
What is Fog? In June, [Arctic Wolf Labs] reported the deployment of a new ransomware named Fog Ransomware. According to their report, the ransomware was seen in several incident response cases affecting education and recreation centers in the United States. The investigation revealed that the attackers gained access to victims through compromised VPN credentials, […]
17 Aug 2024
Sidewinder APT – Phishing on Pakistan
Introduction. On July 30th, [StrikeReady Labs] reported the discovery of a malicious **LNK** file. This file is designed to download a PowerShell script from the URL management.xuzeest[.]buzz/DSC30/. The Dark Atlas Squad has been closely monitoring this Advanced Persistent Threat (APT), attributed to SideWinder, an Indian threat group that has been active since at least 2012. SideWinder primarily focuses […]