Advanced Threat Emulation Scenarios
Version: v2.0
Difficulty: Elite
Updated: 2025-04-25
Category: Training & Courses

$699.99

5 complete APT emulation scenarios based on real threat actors:

  • APT29 (Cozy Bear) — Spearphishing with macro-enabled documents, WellMess loader deployment, Cobalt Strike beacon with customized malleable profile, lateral movement via WMI and PsExec.
  • APT28 (Fancy Bear) — Credential harvesting via OAuth phishing, X-Tunnel deployment for persistent access, Zebrocy dropper chain with multi-stage payloads.
  • FIN7 — Phishing with weaponized DOCX, Carbanak backdoor installation, SQLCMD-based data exfiltration from POS systems, pivoting through internal jump hosts.
  • Lazarus Group — Watering hole attack with browser exploit, FALLCHILL RAT deployment, cryptocurrency wallet extraction, custom tunneling over HTTPS.
  • Wizard Spider — TrickBot initial access via malspam, Ryuk ransomware deployment chain, Active Directory compromise via Kerberoasting, data staging and exfiltration before encryption.