Akira - Storm-1567

Akira - Storm-1567 is a blue team lab in the Endpoint Forensics category. It covers the following tools and ATT&CK tactics: Event Log Explorer, Timeline Explorer, EvtxECmd, MemProcFS, Volatility 3, R-Studio, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Command and Control, Impact.

Learning Objectives

Learn to investigate Akira ransomware using memory forensics to identify IOCs, analyze attacker behavior, reconstruct timelines, and uncover system compromise, defense evasion, and persistence methods.

Categories: Endpoint Forensics.

MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Command and Control, Impact.

Tools: Timeline Explorer, EvtxECmd, MemProcFS, Event Log Explorer, Volatility 3, R-Studio.

Difficulty: medium.