The Nokoyawa Ransomware Intrusion - Public Case #18543
The Nokoyawa Ransomware Intrusion - Public Case #18543
Difficulty:
Easy
Couldn't load pickup availability
This case is based on the public report HTML Smuggling Leads to Domain Wide Ransomware. You will investigate a fast-moving intrusion that began with HTML smuggling and the delivery of IcedID malware, leading to Cobalt Strike deployment and ending in Nokoyawa ransomware—all within just 12 hours.
Important: Choose the Correct License Type
Personal License
For individuals paying out of their own pocket for personal skill development only.
- Self-funded learning
- Personal skill improvement
- No organizational benefit
Enterprise License
Required if any organization benefits from your use, including:
- Company-sponsored training
- Skills used for work purposes
- Educational institutions
- Team learning activities
Important: If your employer is paying for this lab OR if the skills learned will benefit your employer/organization in any way, you must purchase an Enterprise license. This applies even if you're paying personally but using the skills for work.
You will receive an email within 5 minutes of purchase with instructions on how to activate the lab. Buy now, use anytime within the next 3 months. Enjoy!
Disclaimer
All information in the DFIR Labs and analysis of that information shall be treated as TLP:RED. This classification mandates that the information is not shared publicly or privately without explicit permission from The DFIR Report.
The difficulty of each DFIR Lab case is inherently subjective and may vary based on the participant's individual skills and experience.
To read more about DFIR Labs click here.
