Table of Contents: Introduction; Data Leak Site (DLS) Analysis; Malware Configuration; Killing VMs; 1- Memory Allocation and Initialization (v1 and v8); 2- Listing VM Processes; 3- Parsing and Killing VMs by World ID; Key Generation; 1- Salsa Key Generation (`b_gen_salsa_key(0x10);`); 2- RSA Encryption of the Salsa Key (`b_rsa_enc((__int64)v3, 0x10);`); 3- Processing of Files (`b_work(v5);`); 4- […]
What is Fog? In June, [Arctic Wolf Labs] reported a deployment of a new ransomware named Fog Ransomware. According to their report, the ransomware was seen in several incident response cases, affecting education and recreation centers in the United States. The investigation revealed that the attackers gained access to victims through compromised VPN credentials, […]
Introduction: On July 30th, [StrikeReady Labs] reported the discovery of a malicious **LNK** file. This file is designed to download a PowerShell script from the URL management.xuzeest[.]buzz/DSC30/. The Dark Atlas Squad has been closely monitoring this Advanced Persistent Threat (APT), attributed to SideWinder, an Indian threat group that has been active since at least 2012. SideWinder primarily focusing […]