IcedID to Dagon Locker Ransomware - Private Case #23825
This lab is based on a Private Threat Brief that starts with IcedID and ends in Dagon Locker Ransomware.
To read more about DFIR Labs click here.
Your access time starts at purchase time. You will receive an email within 5 minutes of purchase with instructions on how to connect to the lab. Enjoy!
Disclaimer
All information in the DFIR Labs and analysis of that information shall be treated as TLP:RED. This classification mandates that the information is not shared publicly or privately without explicit permission from The DFIR Report.
The lab was great and extremely challenging. The questions were pretty tough, and I had to build a complete timeline from the initial access to the ransomware deployment to answer them properly. It took me about 10 hours to complete, give or take.
I want to express my appreciation to the team at TheDFIRReport for their dedication to putting this together. I'm not sure if I enjoyed the struggle of squinting my eyes out looking through thousands of logs, but it is real, and if you plan to be a defender and handle incidents, enduring this process is essential. This is the perfect case scenario for when you don't have fancy EDRs like CrowdStrike, Carbon Black, and S1 to make your investigations a bit easier. You rely on logs; they are everywhere, and learning to navigate them is quite important.
Well done lab, and being able to touch the data from the report really helped make the insights real 👍