Scenario Card Collection

TipFirst time running M&M? Start here.

If this is your first session as an Incident Master – or if you are running for players who have never played before – use an IM Onboarding Scenario instead of a standard scenario card. Onboarding scenarios are fully scripted: every NPC line, clue prompt, decision point, and resolution ending is written out. No improvisation required.

See the Zero-Prep Scenarios section in the sidebar, or go directly to:

• FakeBat: Friday Deadline – Creative agency, 12 employees, 48 hours before a career-defining pitch
• GaboonGrabber: The Fundraiser Email – Small nonprofit, 20 employees, 48 hours before their annual fundraiser

Both scenarios run in 90-120 minutes and introduce mechanics one at a time.

This appendix contains ready-to-use scenario cards that provide specific organizational contexts and incident setups for each malmon. Each card includes stakeholders, timeline pressures, and discovery hooks tailored to different industries and organizational types.

How Scenario Cards Work

Scenario cards transform generic malmon encounters into specific, relatable incidents by providing:

• Organizational Context: Realistic workplace settings with industry-specific details
• Key Stakeholders: Named NPCs with clear motivations and concerns
  
• Timeline Pressure: Realistic deadlines that drive decision-making urgency
• Discovery Hooks: Multiple starting points for player investigation
• Success Metrics: Clear objectives for incident resolution

Browsing Scenarios

Use the sidebar navigation to explore scenario cards organized by malmon type. Each malmon folder contains multiple industry-specific scenarios ready for your sessions.

Selection Guidelines

By Experience Level:

• Beginner Groups: Gaboon Grabber, Raspberry Robin, FakeBat scenarios
• Intermediate Groups: WannaCry, LockBit, Code Red, Poison Ivy, Wire Lurker scenarios
  
• Advanced Groups: Stuxnet, Ghost Rat, Noodle Rat, Litter Drifter, Winnti scenarios

By Session Length:

• 2-hour sessions: Single-organization scenarios with clear timelines
• 4-hour sessions: Multi-stakeholder scenarios with complex interdependencies
• Campaign play: Mix scenarios to show malmon evolution and organizational learning

By Learning Objectives:

• Technical Skills: Stuxnet, Code Red scenarios emphasize technical analysis
• Social Engineering: Gaboon Grabber, FakeBat scenarios focus on human factors
• Incident Coordination: WannaCry, Ghost Rat scenarios teach team leadership
• Long-term Investigations: Poison Ivy, Noodle Rat scenarios develop patience and methodology