On August 25, 2025, CoreTech’s SOC spotted unusual activity on a workstation, hinting at a breach. Suspicious processes and network activity spread to critical servers, threatening data and systems.
Welcome to the DoubleDragon lab! Uncover a cunning cyberattack involving phishing, stealthy tools, and data theft. As a threat hunter, use Splunk and forensics tools to analyze logs and forensic artifacts, tracing the attacker’s moves to stop the breach.
Dive into DoubleDragon and thwart the attack!
To begin unraveling this attack, our first objective is to determine how the attacker initially gained access to the victim machine. In many compromises, the first foothold comes from a user interacting with a malicious link, which can silently lead to the download or execution of attacker-controlled content. By identifying the exact domain visited, we gain a clear picture of where the infection chain began and how the attacker delivered their stager.
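As an added illustration of that first hunting step (not part of the lab write-up), the snippet below triages constructed Sysmon Event ID 22 (DNS query) records, as Splunk would ingest them, for the workstation DESKTOP on August 25, 2025: it keeps only that host's DNS queries inside a time window, drops names on an allowlist of expected suffixes, and lists each remaining domain with the first time it was resolved and every process that resolved it. The hostname and date come from the page; every domain, path and timestamp in the sample is invented.

```python
import json

# Constructed Sysmon records (Event ID 22 = DNS query, Event ID 1 = process
# create) as JSON lines, the shape Splunk ingests them in. Domains, paths and
# timestamps are invented for this example; they are not lab artifacts.
SAMPLE_LOG = r"""
{"host":"DESKTOP","EventID":22,"UtcTime":"2025-08-25 09:14:02","Image":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","QueryName":"www.microsoft.com"}
{"host":"DESKTOP","EventID":22,"UtcTime":"2025-08-25 09:15:31","Image":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","QueryName":"invoice-portal.example.net"}
{"host":"DESKTOP","EventID":1,"UtcTime":"2025-08-25 09:15:40","Image":"C:\\Windows\\System32\\powershell.exe"}
{"host":"DESKTOP","EventID":22,"UtcTime":"2025-08-25 09:15:41","Image":"C:\\Windows\\System32\\powershell.exe","QueryName":"invoice-portal.example.net"}
{"host":"SRV01","EventID":22,"UtcTime":"2025-08-25 09:16:00","Image":"C:\\Windows\\System32\\svchost.exe","QueryName":"www.microsoft.com"}
"""


def first_contact_domains(log_text, host, start, end, benign_suffixes=()):
    """Return [(first_seen, domain, [images])] for DNS names resolved by
    `host` between `start` and `end` (inclusive, "YYYY-MM-DD HH:MM:SS" UTC),
    oldest first. Names on an allowlisted suffix are skipped so the first
    unfamiliar domain surfaces at the top. Timestamps in this fixed format
    sort correctly as strings, so no datetime parsing is needed."""
    seen = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        # Only DNS-query events from the host under investigation.
        if rec.get("host") != host or rec.get("EventID") != 22:
            continue
        ts = rec["UtcTime"]
        if not (start <= ts <= end):
            continue
        name = rec["QueryName"].lower()
        if any(name == s or name.endswith("." + s) for s in benign_suffixes):
            continue
        entry = seen.setdefault(name, {"first": ts, "images": []})
        # Record every distinct process that resolved the name: a browser
        # followed by a non-browser binary is the pivot worth chasing.
        if rec["Image"] not in entry["images"]:
            entry["images"].append(rec["Image"])
    return sorted((v["first"], d, v["images"]) for d, v in seen.items())


if __name__ == "__main__":
    for first_seen, domain, images in first_contact_domains(
        SAMPLE_LOG, "DESKTOP", "2025-08-25 09:00:00", "2025-08-25 23:59:59",
        benign_suffixes=("microsoft.com",)
    ):
        print(first_seen, domain, "<-", ", ".join(images))
```

In the sample, the browser resolves the unfamiliar domain first and a scripting host resolves it ten seconds later; that handoff is the point in the timeline where the page's next questions (what was downloaded, which process ran it) pick up.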
In this case, our victim is the workstation DESKTOP, which executed suspicious activity on August