Skip to main content
Ransomware Investigation: ALPHV/BlackCat Healthcare Sector Campaign operation cover
AdvancedSIEMXDRFirewall

Ransomware Investigation: ALPHV/BlackCat Healthcare Sector Campaign

Investigate the sophisticated TTPs of the ALPHV (BlackCat) ransomware group following the breach of a major healthcare entity. You will analyze initial access via social engineering, command-line execution patterns, registry modifications for lateral movement, and the technical mechanics of their Rust-based encryption engine.

2h
7 tasks
280 points
Free

Start this operation

Create your free account and begin immediately.

Get Early Access — Free

Free forever — no credit card required

Investigation Tasks

Complete each task by investigating alerts and submitting your findings.

1

Identify Initial Access Vector

30
SOC{ip_address}Hint available
2

Analyze Ransomware Execution Parameters

40
SOC{32_character_token}Hint available
3

Detect Registry Optimization for Impact

35
SOC{integer_value}Hint available
4

Trace Triple-Extortion Exfiltration

45
SOC{ip_address}Hint available
5

Identify Shadow Copy Deletion

30
SOC{full_command}Hint available
6

Map Encryption API Calls

50
SOC{API_Name}Hint available
7

Correlate Lateral Movement to File Servers

50
SOC{hostname}Hint available

7 tasks · 280 points total

Start investigation

Training Tools

SIEM Console

Log analysis & SPL queries

XDR Console

Endpoint detection & response

Firewall Console

Network traffic analysis

Skills You'll Build

Investigate realistic security alerts
SIEM log analysis
XDR log analysis
Firewall log analysis
MITRE ATT&CK technique identification
Triage decisions: escalate, investigate, or close
Evidence collection and documentation
Job-ready incident response methodology
Advanced

Complex multi-stage investigations. Realistic noise, ambiguous indicators, lateral movement.

Prerequisites

  • Basic understanding of security alerts
  • Experience with log analysis tools
  • Familiarity with SIEM concepts
  • Familiarity with XDR concepts
  • Familiarity with Firewall concepts

Ready to investigate?

Create your free account and begin immediately.

Get Early Access — Free

Free forever — no credit card required

More Operations

View all
BeginnerSIEMXDR

ClickFix: The Fake CAPTCHA Trap

Investigate a modern 'ClickFix' social engineering attack where a user was tricked into executing a malicious PowerShell command via a fake CAPTCHA interface. You will analyze SIEM and XDR telemetry to trace the infection from the initial web lure to the deployment of an infostealer.

30m20 pts
BeginnerSIEMXDR

Phishing Investigation: ZipLine Supply Chain Campaign

Investigate a sophisticated social engineering campaign targeting manufacturing supply chains. You will analyze a 'reversed' phishing flow where attackers use 'Contact Us' forms to trick employees into initiating email conversations, leading to the deployment of the custom MixShell in-memory implant via DNS tunneling.

45m75 pts
BeginnerSIEM

Credential Harvesting: The Lookalike Login

An investigation into a modern phishing campaign targeting critical infrastructure. You will analyze email headers for domain spoofing, identify 'Paste and Run' execution chains, and track the delivery of the LummaC2 information stealer through SIEM logs.

30m20 pts

We use cookies to improve your experience and measure usage. Learn more