APT Hunting

Author: Roșu Darius


Description

Uncover the details of a malware binary: its APT number, type, C2 server IP, origin country, and the year the associated cybercriminal group became active.

Requirements

  • Binary analysis
  • Malware research

Solve

The solution involved:

  1. VirusTotal analysis: Uploaded the binary to VirusTotal to identify its nature and its C2 server IP.
  2. Malware type: The engine verdicts classify the sample as a backdoor.
  3. C2 server IP: Found in the VirusTotal report details (210.48.231.182).
  4. Cybercriminal group: Research on Turla (linked from the VirusTotal report) led to APT28, with Russia as the country of origin and 2004 as the year the group first became active.
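As an added example (not part of the original writeup), the script below consolidates the engine verdicts and contacted IPs from a VirusTotal-style file report into the fields the flag needs. The JSON is a constructed sample that only mirrors the field layout of a v3 API file object (field names assumed); the attribution fields (group, country, year) still come from manual research, as in step 4.

```python
from collections import Counter

# Constructed sample, not the real report: mirrors the field layout of a
# VirusTotal v3 file object (assumed field names) for a backdoor sample.
SAMPLE_REPORT = {
    "data": {
        "attributes": {
            "last_analysis_results": {
                "EngineA": {"category": "malicious", "result": "Backdoor.Win32.Turla.gen"},
                "EngineB": {"category": "malicious", "result": "Trojan.Backdoor.Agent"},
                "EngineC": {"category": "malicious", "result": "Win32/Turla.B backdoor"},
                "EngineD": {"category": "undetected", "result": None},
            },
        },
        "relationships": {
            "contacted_ips": {"data": [{"type": "ip_address", "id": "210.48.231.182"}]},
        },
    }
}

TYPE_KEYWORDS = ("backdoor", "trojan", "ransomware", "worm", "downloader")


def malware_type(report):
    """Majority vote over engine verdict strings for a malware-type keyword."""
    counts = Counter()
    for verdict in report["data"]["attributes"]["last_analysis_results"].values():
        label = (verdict.get("result") or "").lower()
        counts.update(kw for kw in TYPE_KEYWORDS if kw in label)
    return counts.most_common(1)[0][0] if counts else "unknown"


def contacted_ips(report):
    """IPs the sandbox saw the sample contact (candidate C2 addresses)."""
    rel = report["data"].get("relationships", {}).get("contacted_ips", {})
    return [i["id"] for i in rel.get("data", []) if i.get("type") == "ip_address"]


def build_flag(report, apt, country, year):
    """Assemble the CSCTF flag; apt/country/year come from manual research."""
    ips = contacted_ips(report)
    if len(ips) != 1:
        raise ValueError(f"expected exactly one contacted IP, got {ips}")
    return f"CSCTF{{{apt}_{malware_type(report).capitalize()}_{ips[0]}_{country}_{year}}}"


if __name__ == "__main__":
    print(build_flag(SAMPLE_REPORT, "APT28", "Russia", 2004))
```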

VirusTotal link: link


Flag: CSCTF{APT28_Backdoor_210.48.231.182_Russia_2004}