# Tag: infrastructure

Custom Terraform modules used in this evaluation's Terraform Deployment for the Amazon Web Services (AWS) platform.

Enterprise Evaluation 2025 uses the following platforms:

For guidance on setting up the overall infrastructure used for emulation of CL0P, LockBit, and DPRK, please see

The CL0P, DPRK, and LockBit adversaries as well as the Protections micros share an infrastructure configuration.

The CL0P, DPRK, and LockBit adversaries as well as the Protections micros share an infrastructure configuration.

The Scattered Spider and Mustang Panda adversaries, as well as the Protections infrastructure for the Enterprise 2025 evaluation share a common...

The CL0P, DPRK, and LockBit adversaries as well as the Protections micros share an infrastructure configuration.

Note: During development, the threat actors were referred to by the codenames "Demeter" (Scattered Spider) and "Hermes" (Mustang Panda).

Enterprise 2025 infrastructure deployment is a multi-step process involving three Terraform backends:

Terraform deployment 1 of 3. Please see the main Terraform Deployment page for more information.

Terraform deployment 2 of 3. Please see the main Terraform Deployment page for more information.

Terraform deployment 3 of 3. Please see the main Terraform Deployment page for more information.

The following is an overview of configurations (i.e., Ansible playbooks) applied to Enterprise 2025 infrastructure.

The following steps should be performed after deploying the infrastructure.

After configuring the Enterprise 2025 infrastructure, the following manual steps are required.

This document covers the infrastructure setup for emulating ATT&CK Evaluations — Scattered Spider and Mustang Panda (2025).

Traffic Redirection

For guidance on setting up the overall infrastructure used for emulation of ALPHV BlackCat and menuPass, please see

The Resources directory contains the following:

The ALPHV BlackCat and menuPass adversaries share an infrastructure configuration.