Nitrogen - Blackcat Ransomware
Nitrogen - Blackcat Ransomware is a blue team lab that falls under the Threat Hunting category and will cover the following subjects: DB Browser for SQLite, Registry Explorer, MFTECmd, Splunk, Eric Zimmerman Tools, VirusTotal, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact.
Learning Objectives
Reconstruct a multi-stage ransomware attack by correlating Splunk telemetry, disk forensics, and registry artifacts to identify persistence mechanisms, credential dumping, and lateral movement.
Categories: Threat Hunting.
MITRE ATT&CK Tactics: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact.
Tools: DB Browser for SQLite, Registry Explorer, MFTECmd, Splunk, Eric Zimmerman Tools, VirusTotal.
Difficulty: medium.