RansomHub Leads to Domain Compromise – Private Case #33490

This case is based on a Private Threat Brief. You’ll get to investigate a domain-wide compromise involving a multi-stage intrusion that started with a password spraying attack. The threat actor established persistence, performed reconnaissance, exfiltrated data, and ultimately deployed RansomHub ransomware to disrupt operations.

To read more about DFIR Labs click here.

You will receive an email within 5 minutes of purchase with instructions on how to activate the lab. Buy now, use anytime within the next 3 months. Enjoy!

Disclaimer

All information in the DFIR Labs and analysis of that information shall be treated as TLP:RED. This classification mandates that the information is not shared publicly or privately without explicit permission from The DFIR Report.

The difficulty of each DFIR Lab case is inherently subjective and may vary based on the participant’s individual skills and experience.