REvil - GOLD SOUTHFIELD

REvil - GOLD SOUTHFIELD is a blue team lab in the Threat Hunting category. It uses Splunk, ELK and OSINT, and covers the MITRE ATT&CK tactics Execution, Persistence, Privilege Escalation, Defense Evasion and Discovery.

Learning Objectives

Analyze Sysmon logs in Elastic SIEM to investigate REvil ransomware attack behaviors, decode recovery sabotage commands, and identify IOCs including the C2 onion domain.
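The two hands-on parts of that objective, decoding encoded command lines and pulling IOCs out of them, can be scripted. The following Python is an added example written for this page; it is not code or data from the lab. It runs over a handful of constructed Sysmon Event ID 1 (process creation) records that use Sysmon's own field names (Image, CommandLine) as winlogbeat ships them to Elastic. Every command line, and the .onion address, is made up for the example; the detection patterns are the usual recovery-sabotage commands (vssadmin/wmic/Win32_ShadowCopy deletion, bcdedit recovery settings) that ATT&CK catalogues under T1490.

```python
import base64
import json
import re


def _enc(cmd: str) -> str:
    """Encode a PowerShell command the way -EncodedCommand expects: UTF-16LE, then base64."""
    return base64.b64encode(cmd.encode("utf-16-le")).decode("ascii")


# Constructed Sysmon Event ID 1 records (not from the lab). The .onion address is a
# hypothetical placeholder, not a real C2 domain.
SAMPLE_EVENTS = [
    {"event_id": 1,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc "
                    + _enc("Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete();}")},
    {"event_id": 1,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c vssadmin delete shadows /all /quiet "
                    "& bcdedit /set {default} recoveryenabled no"},
    {"event_id": 1,
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe readme.txt"},
    {"event_id": 1,
     "Image": r"C:\Users\user\AppData\Local\Temp\payload.exe",
     "CommandLine": "payload.exe http://exampleonionaddressxyz.onion/"},
]

# powershell -e / -ec / -enc / -EncodedCommand <base64>, with either dash or slash prefix
ENC_RE = re.compile(r"(?:-|/)(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

# Commands that inhibit system recovery (ATT&CK T1490), matched against the raw
# command line and against the decoded PowerShell payload.
SABOTAGE_PATTERNS = {
    "vssadmin_delete_shadows": re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows", re.I),
    "wmic_shadowcopy_delete": re.compile(r"wmic(?:\.exe)?\s+shadowcopy\s+delete", re.I),
    "win32_shadowcopy_delete": re.compile(r"win32_shadowcopy.*delete\(\)", re.I | re.S),
    "bcdedit_recovery_disabled": re.compile(
        r"bcdedit(?:\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no", re.I),
    "bcdedit_ignore_failures": re.compile(
        r"bcdedit(?:\.exe)?\s+/set\s+\{default\}\s+bootstatuspolicy\s+ignoreallfailures", re.I),
}

# Tor onion services use base32 names (v2: 16 chars, v3: 56 chars).
ONION_RE = re.compile(r"\b[a-z2-7]{16,56}\.onion\b", re.I)


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload, or None if there is none or it is malformed."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_event(ev: dict) -> dict:
    """Decode the command line if needed, then look for recovery sabotage and .onion IOCs."""
    cmd = ev.get("CommandLine", "")
    decoded = decode_encoded_command(cmd)
    text = cmd + ("\n" + decoded if decoded else "")
    hits = [name for name, rx in SABOTAGE_PATTERNS.items() if rx.search(text)]
    onions = sorted({m.lower() for m in ONION_RE.findall(text)})
    return {"image": ev.get("Image"), "decoded": decoded,
            "sabotage": hits, "onion_domains": onions}


def hunt(events) -> list:
    """Return findings for every process-creation event that shows sabotage or a .onion IOC."""
    findings = []
    for ev in events:
        if ev.get("event_id") != 1:
            continue
        result = analyze_event(ev)
        if result["sabotage"] or result["onion_domains"]:
            findings.append(result)
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(json.dumps(finding, indent=2))
```

When working against the real index, the same logic translates into a KQL or Splunk search on the CommandLine field for the `-enc`/`-EncodedCommand` switches and the sabotage keywords; the base64 decode step is the part a SIEM search will not do for you, so the decoded payload has to be checked separately before the event is dismissed as benign.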

Categories: Threat Hunting.

MITRE ATT&CK Tactics: Execution, Persistence, Privilege Escalation, Defense Evasion, Discovery.

Tools: Splunk, ELK, OSINT.

Difficulty: easy.