Fog Ransomware - Fluttering Scorpius

Fog Ransomware - Fluttering Scorpius is a blue team lab in the Endpoint Forensics category. It covers the following tools and MITRE ATT&CK tactics: Event Log Explorer, DB Browser for SQLite, Registry Explorer, NTFS Log Tracker, Timeline Explorer, EvtxECmd, Eric Zimmerman Tools, Execution, Persistence, Privilege Escalation, Command and Control, Impact.

Learning Objectives

Reconstruct the Fog ransomware attack chain by analyzing browser, registry, event logs, and MFT artifacts to identify initial access, persistence, BYOVD privilege escalation, and IOCs.

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Execution, Persistence, Privilege Escalation, Command and Control, Impact.

Tools: Event Log Explorer, DB Browser for SQLite, Registry Explorer, NTFS Log Tracker, Timeline Explorer, EvtxECmd, Eric Zimmerman Tools.

Difficulty: medium.