During attacks, adversaries sometimes store data locally on the system, a behavior covered by TTP T1074.001, or Data Staged: Local Data storing. One of the commands that was issued creates an output file. Can you find the command that includes the file name?

You’ve signed up for the workshop, you've studied the data, and you've even gotten your hands dirty. Now is the time to put your knowledge to the ultimate test!

The data you've been provided during the workshop contains several common ransomware behavior examples that you have had a chance to observe and hunt for. In the data there exists another technique that falls under common ransomware behavior. Hunt through the data and see if you can find it!

For those that successfully answer the questions, you will be awarded the Cyborg Security Threat Hunting badge for Ransomware Behavior (Level 1).

How Do You Claim Your Badge?

The data was already imported into your Elastic instance during setup, so all you have to do is begin your hunt!

REMEMBER: You can submit as many times as you like!


Your Threat Hunting Instructor

Lee Archinal

Senior Threat Hunter and Content Developer, Cyborg Security

Lee is a U.S. Army veteran. While enlisted he worked as a network administrator in a wide variety of conditions. Since leaving the military he has been working in the private sector as a threat hunter and incident responder. At Cyborg Security, Lee is responsible for developing cutting edge hunting and detection content for the HUNTER platform.