Fog, which uses the .flocked extension for encrypted files, was first observed in May in campaigns by Storm-0844, a threat actor known for distributing Akira. By June, Storm-0844 was deploying Fog more than Akira.
| Title | Available | Last Visit | FQDN | Screenshot |
|---|---|---|---|---|
| FOG | 🟢 | 2024-09-19 15:50:57.378782 | xql562evsy7njcsngacphc2erzjfecwotdkobn3m4uxu2gtqh26newid.onion | 📸 |
| Blog | 🟢 | 2024-09-19 15:51:13.067734 | xbkv2qey6u3gd3qxcojynrt4h5sgrhkar6whuo74wo63hijnn677jnyd.onion | 📸 |
| Blog | 🟢 | 2024-09-19 15:51:28.281713 | xbkv2qey6u3gd3qxcojynrt4h5sgrhkar6whuo74wo63hijnn677jnyd.onion | 📸 |
| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
| Advanced Port Scanner | Veeam-Get-Creds | Metasploit | PsExec | ||||
| SharpShares | |||||||
| SoftPerfect NetScan |
This information is provided by Ransomware-Tool-Matrix
| Employees(s) | Customer(s) | Third Party Employee(s) |
|---|---|---|
This information is provided by HudsonRock
You're leaving the Ransomare.live site. Do you want to continue?
