Navigating Through The Fog

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

An open directory linked to a Fog ransomware affiliate was discovered, containing tools for reconnaissance, exploitation, lateral movement, and persistence. Initial access was gained through compromised SonicWall VPN credentials, while other tools facilitated credential theft and exploitation of Active Directory vulnerabilities. Persistence was maintained via AnyDesk, automated by a PowerShell script. Sliver C2 executables were used for command-and-control operations. The victims spanned multiple industries across Europe, North America, and South America, highlighting the affiliate's broad targeting scope. The toolkit included SonicWall Scanner, DonPAPI, Certipy, Zer0dump, and Pachine/noPac for various attack stages.

OPENCTI LABELS:

vpn, ransomware, lateral movement, credential theft, sliver, persistence, anydesk, cve-2020-1472, cve-2021-42278, cve-2021-42287, fog ransomware, sonicwall, active directory

