This is the default text value
threat-actor-campaigns
threat actor campaign

Double Trouble with Double Dragon

Advanced Persistent Threats (APTs) conduct state-sponsored cyberattacks that can radically disrupt global business operations. Launch this campaign to start detecting sophisticated techniques leveraged by APT41, known as "Double Dragon" because they cause double trouble with both espionage and financially-motivated attacks!
Enroll Now
Need to train your team?  
Learn More
Start Course
Need to train your team? Learn More
Need to train your team?  
Learn More

9

H

3

m

Time

intermediate

i
Designed for learners with a solid grasp of foundational IT and cybersecurity concepts who are interested in pursuing an entry-level security role.
Experience Level

3520

XP

10

i

Earn qualifying credits for certification renewal with completion certificates provided for submission.
CEU's

11367

Enrollees

Campaign Outline

Threat Actor Campaigns are comprised of multiple MITRE ATT&CK aligned courses. Click on a course below to learn more.
Course
Free
1
H:
40
M
2
 CEUS

System Binary Proxy Execution and a Spearphish Payload

Spearphishing is one of the oldest tricks in the book, and in this course you will learn more about how it actually works. Plus, see how adversaries can hide malicious code in compiled HTML files. Detect and mitigate these techniques in our hands-on course.

Learn More & Enroll

Overview

Spearphishing is one of the oldest tricks in the book, and in this course you will learn more about how it actually works. Plus, see how adversaries can hide malicious code in compiled HTML files. Detect and mitigate these techniques in our hands-on course.

Start Learning
Course
Free
1
H:
25
M
1
 CEUS

Persistence via Windows Services

Windows Services are the main vehicle used by the Windows OS to start and run background functions that do not require user interaction. Configuring malware to run as a service is a common strategy for trying to blend malicious code execution in with other legitimate Windows functions. Prevent adversaries from gaining persistence in this course.
Learn More & Enroll

Overview

Windows Services are the main vehicle used by the Windows OS to start and run background functions that do not require user interaction. Configuring malware to run as a service is a common strategy for trying to blend malicious code execution in with other legitimate Windows functions. Prevent adversaries from gaining persistence in this course.
Start Learning
Course
Free
1
H:
38
M
2
 CEUS

Local Account Discovery, Creation, and Manipulation

After gaining initial access on a system, adversaries may want to do some discovery work on local accounts and maintain persistence on a victim system as they create and manipulate accounts in order to maintain their access. Learn to detect such suspicious activity in this course!

Learn More & Enroll

Overview

After gaining initial access on a system, adversaries may want to do some discovery work on local accounts and maintain persistence on a victim system as they create and manipulate accounts in order to maintain their access. Learn to detect such suspicious activity in this course!

Start Learning
Course
Free
1
H:
20
M
1
 CEUS

Using LOLbins for Tool Downloads

LOLbins won't have you laughing when threat actors "live off the land" to leverage tools and capabilities that are already present in the target environment to achieve objectives. Learn how to detect common adversary techniques such as Ingress Tool Transfer in this course.
Learn More & Enroll

Overview

LOLbins won't have you laughing when threat actors "live off the land" to leverage tools and capabilities that are already present in the target environment to achieve objectives. Learn how to detect common adversary techniques such as Ingress Tool Transfer in this course.
Start Learning
Course
Free
1
H:
30
M
2
 CEUS

Automated Archive and Exfiltration

Once an adversary has firmly established access within a target environment and identified data of interest, they want to gather and exfiltrate that data. Learn to detect such late-stage threat actor campaign techniques of automated archive and exfiltration in our hands-on course.

Learn More & Enroll

Overview

Once an adversary has firmly established access within a target environment and identified data of interest, they want to gather and exfiltrate that data. Learn to detect such late-stage threat actor campaign techniques of automated archive and exfiltration in our hands-on course.

Start Learning
Course
Free
1
H:
30
M
2
 CEUS

Ransomware with Recovery Disruption

After an adversary has exfiltrated data from a target system, the potential final stages in an attack include encrypting data for impact and inhibiting system recovery. Learn how to detect endgame ransomware techniques before a threat actor can accomplish their nefarious objective

Learn More & Enroll

Overview

After an adversary has exfiltrated data from a target system, the potential final stages in an attack include encrypting data for impact and inhibiting system recovery. Learn how to detect endgame ransomware techniques before a threat actor can accomplish their nefarious objective

Start Learning