Latest Posts

Fog Ransomware – Technical Analysis

13 Oct 2024

DarkAtlas Squad
Malware Analysis

Table of Contents: Technical Investigation; Malware Configuration; File Encryption; Crypto Initialization; Stopping Services; Process Termination; Removing Backups; Indicators of Compromise.

What is Fog? In June, [Arctic Wolf Labs] reported the deployment of a new ransomware named Fog Ransomware. According to their report, the ransomware was seen in several incident response cases, affecting education and […]

Sidewinder APT – Phishing on Pakistan

17 Aug 2024

Introduction: On July 30th, [StrikeReady Labs] reported the discovery of a malicious **LNK** file. This file is designed to download a PowerShell script from the URL management.xuzeest[.]buzz/DSC30/. The Dark Atlas Squad has been closely monitoring this Advanced Persistent Threat (APT), attributed to SideWinder, an Indian threat group that has been active since at least 2012. SideWinder primarily focusing […]

Medusa Ransomware Group’s OPSEC Failure: Infiltrating Their Cloud Storage

27 Jul 2024

DarkWeb
OPSEC Failure

Dark Atlas Squad recently responded to a ransomware incident carried out by Medusa Ransomware Group. Their OPSEC failure allowed us to infiltrate their cloud account for a certain amount of time and access the data they had been exfiltrating over time.
