
Lensver65/ESDC-BP


ESDC-BP

Training for ESDC at NUPS, Budapest

!!!WARNING!!! Some files may contain harmful pieces of malware. Only download files when you are told to do so.

You can view the OilRig.afb file via the Center for Threat-Informed Defense UI.

Operation flow

Introduction

Follow the Cyber Exercise PPT file

OilRig

Learn about the threat actor OilRig (use the PPT above).

Tools we are using today

GitHub

VirusTotal

Hybrid Analysis

Files

GGMS Overview.doc

SideTwist.exe

Story

Note for Peter: Malicious files are available on the server

Task 1

Use the LINK of „GGMS Overview.doc” (from GitHub) and have it analysed with VirusTotal (and Hybrid Analysis). Do the same with the „SideTwist.exe” file.

If it takes too long, use the public reports available:

VT GGMS Overview.doc

HA GGMS Overview.doc

VT SideTwist.exe

HA SideTwist.exe

Task 2

Use the LINK of „b.exe” (from GitHub) and have it analysed with VirusTotal (and Hybrid Analysis).

If it takes too long, use the public reports available:

VT b.exe

HA b.exe

Task 3

Use the LINK of „contact.aspx” (from GitHub) and have it analysed with VirusTotal (and Hybrid Analysis).

If it takes too long, use the public reports available:

VT contact.aspx

HA contact.aspx
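The three tasks above follow the same loop: take a sample, get it analysed by a public multi-scanner, and read the verdict. The helper below is an added example for this exercise (it is not part of the repository and is not an official VirusTotal client). It computes the SHA-256 locally and asks the VirusTotal v3 file-report endpoint (GET /api/v3/files/{hash}) by hash before anything is uploaded, which is the habit to build: a hash lookup reuses the existing public report (the "if it takes too long" fallback above) and never hands a potentially sensitive document to a third party. The SAMPLE_RESPONSE dictionary is a constructed stand-in for the JSON the endpoint returns, the 64-zero hash is a placeholder, and the "5 malicious engines" triage threshold is an assumption, not a VirusTotal rule.

```python
"""Hash-first VirusTotal lookup helper (added example, not the repository's own code)."""
import hashlib

# Real VirusTotal v3 endpoint: file report keyed by MD5/SHA-1/SHA-256.
VT_FILE_REPORT = "https://www.virustotal.com/api/v3/files/{file_hash}"


def sha256_of_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory sample."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """SHA-256 of a file on disk, read in chunks so large samples do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_lookup_request(file_hash: str, api_key: str) -> tuple:
    """URL and headers for a v3 file-report GET; the key travels in the x-apikey header."""
    headers = {"x-apikey": api_key, "accept": "application/json"}
    return VT_FILE_REPORT.format(file_hash=file_hash), headers


def summarise_report(report: dict) -> dict:
    """Reduce a v3 file object to the numbers an analyst copies into a threat report."""
    attrs = report.get("data", {}).get("attributes", {})
    stats = attrs.get("last_analysis_stats", {})
    malicious = stats.get("malicious", 0)
    suspicious = stats.get("suspicious", 0)
    # Engines that returned a verdict; "type-unsupported" and similar buckets are excluded.
    total = sum(stats.get(k, 0) for k in ("malicious", "suspicious", "undetected", "harmless"))
    # Assumed triage threshold for this exercise, not a VirusTotal rule.
    if malicious >= 5:
        verdict = "malicious"
    elif malicious or suspicious:
        verdict = "suspicious"
    else:
        verdict = "undetected"
    return {
        "sha256": attrs.get("sha256"),
        "names": attrs.get("names", [])[:3],
        "detections": f"{malicious}/{total}",
        "malicious": malicious,
        "suspicious": suspicious,
        "verdict": verdict,
    }


def lookup(path: str, api_key: str) -> dict:
    """Live lookup: hash the file, query by hash, summarise. Needs network and `requests`."""
    import requests  # imported here so the offline helpers work without it

    file_hash = sha256_of_file(path)
    url, headers = build_lookup_request(file_hash, api_key)
    resp = requests.get(url, headers=headers, timeout=30)
    if resp.status_code == 404:
        # Unknown to VirusTotal: only now is uploading (or the Hybrid Analysis route) worth considering.
        return {"sha256": file_hash, "verdict": "unknown to VirusTotal"}
    resp.raise_for_status()
    return summarise_report(resp.json())


# Constructed sample in the shape of a v3 /files/{hash} response; numbers and hash are made up.
SAMPLE_RESPONSE = {
    "data": {
        "type": "file",
        "attributes": {
            "sha256": "0" * 64,  # placeholder, not a real hash
            "names": ["GGMS Overview.doc"],
            "last_analysis_stats": {
                "malicious": 52,
                "suspicious": 0,
                "undetected": 18,
                "harmless": 0,
                "type-unsupported": 4,
            },
        },
    }
}

if __name__ == "__main__":
    print(summarise_report(SAMPLE_RESPONSE))
```

Run it as-is to see the summary for the constructed response; for a live lookup call lookup("GGMS Overview.doc", api_key) with your own key. A 404 from the endpoint means VirusTotal has never seen that hash, which is the one case where uploading adds information.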

Final challenge

Create a threat report about this threat actor!

Include:

  • Executive summary
  • Description
  • IOCs
  • TTPs
  • Mitre ATT&CK Framework references
  • Recommendations

Target Audience:

  • Your SOC people
