
OneNote Attachment to RAT: A Guided First Investigation
A logistics contracts employee at Glacierline Freight opens a phishing email carrying a malicious OneNote notebook. Clicking a fake Open button runs an embedded batch file that chains through cmd.exe and a hidden, encoded PowerShell cradle to download an IcedID loader disguised as an image. Walk the email gateway, file artifacts, and endpoint process tree step by step from the spoofed sender to the C2 beacon.
Launches today
Friday, July 3, 2026 at 9:00 AM
Be ready the moment it drops — free forever.
Training Tools
What you'll investigate
6 objectives unlock when this operation goes live.
Be first when it launches
Create your free account now. The moment this operation goes live on Jul 3, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.
Get Started FreeNo credit card required — free forever