Dagon Locker Ransomware - Private Case #23825
This lab is based on a Private Threat Brief that starts with IcedID and ends in Dagon Locker Ransomware.
Your access time starts at purchase time. You will receive an email within 5 minutes of purchase with instructions on how to connect to the lab. Enjoy!
Disclaimer
All information in the DFIR Labs and analysis of that information shall be treated as TLP:RED. This classification mandates that the information is not shared publicly or privately without explicit permission from The DFIR Report.
The difficulty of each DFIR Lab case is inherently subjective and may vary based on the participant’s individual skills and experience.
I have been reading the DFIR report for over a year now to develop detection analytics based on findings of threat actors' activities. However, you have a different feeling when you are able to have a full picture of the scope of these activities by looking at the events generated and how the intelligence is developed from the data itself. The labs give you that perspective, i.e. they enable you to appreciate how the reports are generated through investigation and how the threat actor activities are correlated. I love the labs and please continue to produce this great content!
Excellent lab that expands your knowledge and stretches your skills. Definitely a must case for experienced folks. Enjoy it :)
PS: A very stable lab without surprises.
I really enjoyed the lab, quick access and very good case to investigate.
The lab was great and extremely challenging. The questions were pretty tough, and I had to build a complete timeline from the initial access to the ransomware deployment to answer them properly. It took me about 10 hours to complete, give or take.
I want to express my appreciation to the team at TheDFIRReport for their dedication to putting this together. I'm not sure if I enjoyed the struggle of squinting my eyes out looking through thousands of logs, but it is real, and if you plan to be a defender and handle incidents, enduring this process is essential. This is the perfect case scenario when you don't have fancy EDRs like CrowdStrike, Carbon Black, and S1 to make your investigations a bit easier. You rely on logs; they are everywhere. And learning to navigate them is quite important.