Skip to main content
Weaponized SVG: Hidden JavaScript in an Image Attachment operation cover
COMING SOONBeginner

Weaponized SVG: Hidden JavaScript in an Image Attachment

A treasury analyst at a bank opens a SWIFT-themed phishing email carrying an SVG attachment. The image is XML that smuggles Base64-encoded JavaScript; clicking Download PDF writes a ZIP to disk instead. Inside is a JavaScript downloader that wscript.exe runs, pulling a Java loader from an Amazon S3 bucket that deploys the Blue Banana RAT. Walk the email gateway, file artifacts, and endpoint process tree step by step from the spoofed sender to the C2 beacon.

25m
6 tasks
25 points
Free

Launches in 4 days

Jul 7, 2026

Tuesday, July 7, 2026 at 9:00 AM

Create your free account

Be ready the moment it drops — free forever.

Training Tools

EmailXDR

What you'll investigate

6 objectives unlock when this operation goes live.

1Brief: an image that was not just an image
2Trace the delivery to its sender
3Find the file that wrote a ZIP to disk
4Follow the execution chain
5Name the command-and-control host
6Classify the scripting technique

Be first when it launches

Create your free account now. The moment this operation goes live on Jul 7, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.

Get Started Free

No credit card required — free forever