ZeroDay Labs, Cyber Range
Dashboard
Tracks
Admin
Edit lab
Editing phish-bec-wire-fraud
{ "slug": "phish-bec-wire-fraud", "tags": [ "phishing", "mvp", "guided-lab" ], "flags": [ { "key": "final", "value": "ZDL{phish-bec-wire-fraud}" } ], "hints": [ { "id": "hint-1", "content": "Start with the most obvious metadata field before diving deeper.", "penaltyPoints": 0 }, { "id": "hint-2", "content": "Correlate timestamps, source identifiers, and the user-facing lure.", "penaltyPoints": 5 } ], "title": "BEC Wire Fraud Attempt", "runtime": { "mode": "artifacts_only", "cpuLimit": 1, "exposePorts": [], "templateKey": "phishing-artifact-lab", "memoryLimitMb": 512, "artifactsMountPath": "/lab/artifacts" }, "summary": "Investigate a business email compromise scenario involving urgent payment instructions.", "artifacts": [ { "key": "primary", "path": "artifacts/phish-bec-wire-fraud.eml", "type": "eml", "label": "Primary Lab Artifact", "downloadable": true } ], "questions": [ { "key": "q1", "type": "short_text", "answer": "sample-indicator", "points": 10, "prompt": "What is the main indicator you identified first?", "caseSensitive": false }, { "key": "q2", "type": "short_text", "answer": "isolate and escalate", "points": 10, "prompt": "What action should the analyst take next?", "caseSensitive": false }, { "key": "flag-final", "type": "flag", "answer": "ZDL{phish-bec-wire-fraud}", "points": 20, "prompt": "Submit the final lab flag.", "caseSensitive": true } ], "trackSlug": "soc-analyst-phishing-email-investigation", "difficulty": "intermediate", "trackTitle": "SOC Analyst – Phishing Email Investigation", "instructions": [ { "id": "step-1", "title": "Review the scenario", "content": "Read the scenario summary and note the primary investigation goal." }, { "id": "step-2", "title": "Inspect the provided artifact or environment", "content": "Use the artifact downloads or the live container session to gather evidence." }, { "id": "step-3", "title": "Answer the guided questions", "content": "Submit answers and the final flag before time expires." } ], "estimatedMinutes": 20, "timeLimitMinutes": 30, "dbLabId": "760cad7e-9cbf-427a-9b32-55ffcc5ec3b5" }