Author: Roșu Darius
Uncover the details of a malware binary: its APT number, type, C2 server IP, origin country, and the year the associated cybercriminal group became active.
- Binary analysis
- Malware research
The solution involved:
- VirusTotal Analysis: Uploaded the binary to VirusTotal to identify its nature and C2 server IP.
- Malware Type: Detected as a backdoor.
- C2 Server IP: Found within the details on VirusTotal (210.48.231.182).
- Cybergang Group: Research on Turla (linked on VirusTotal) led to identifying APT28, Russia as the country of origin, and 2004 as the year they first became active.
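The manual steps above (read the detection label, pull the contacted IP out of the report details) can be scripted against the VirusTotal v3 API so a triage note is produced the same way every time. The following is an added example, not part of the original write-up: it parses a VirusTotal-shaped file report plus its `contacted_ips` relationship, keeps only globally routable addresses (sandbox runs also log loopback and RFC 1918 traffic that is not a C2), and summarizes the classification. The sample JSON is constructed here to mirror the v3 layout; the SHA-256 is a placeholder, and the `fetch_*` helpers are shown for a live run but are not called offline.

```python
import ipaddress
import json
import urllib.request
from typing import Any

VT_API = "https://www.virustotal.com/api/v3"


def fetch_json(url: str, api_key: str) -> dict[str, Any]:
    """Fetch one VirusTotal v3 object (needs an API key; not used in the offline demo)."""
    req = urllib.request.Request(url, headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def fetch_file_report(sha256: str, api_key: str) -> dict[str, Any]:
    return fetch_json(f"{VT_API}/files/{sha256}", api_key)


def fetch_contacted_ips(sha256: str, api_key: str) -> dict[str, Any]:
    return fetch_json(f"{VT_API}/files/{sha256}/contacted_ips", api_key)


def is_routable(ip: str) -> bool:
    """True only for public addresses; drops loopback, private, link-local and garbage."""
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:
        return False


def summarize(file_report: dict[str, Any], contacted_ips: dict[str, Any]) -> dict[str, Any]:
    """Reduce a file report + contacted_ips relationship to the fields a triage note needs."""
    attrs = file_report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    ptc = attrs.get("popular_threat_classification", {})
    categories = [c["value"] for c in ptc.get("popular_threat_category", [])]
    names = [n["value"] for n in ptc.get("popular_threat_name", [])]
    # Candidate C2 addresses: every contacted IP that is actually routable on the internet.
    ips = sorted({item["id"] for item in contacted_ips.get("data", []) if is_routable(item["id"])})
    return {
        "sha256": file_report["data"]["id"],
        "malicious": stats.get("malicious", 0),
        "total": sum(stats.values()),
        "label": ptc.get("suggested_threat_label"),
        "categories": categories,
        "names": names,
        "c2_candidates": ips,
    }


# Constructed sample data shaped like VirusTotal v3 responses (placeholder hash, made-up counts).
SAMPLE_FILE_REPORT = {
    "data": {
        "type": "file",
        "id": "PLACEHOLDER_SHA256",
        "attributes": {
            "last_analysis_stats": {
                "malicious": 52, "suspicious": 0, "undetected": 10,
                "harmless": 0, "timeout": 1, "type-unsupported": 3,
            },
            "popular_threat_classification": {
                "suggested_threat_label": "backdoor.turla",
                "popular_threat_category": [
                    {"count": 30, "value": "backdoor"},
                    {"count": 8, "value": "trojan"},
                ],
                "popular_threat_name": [{"count": 15, "value": "turla"}],
            },
        },
    }
}

SAMPLE_CONTACTED_IPS = {
    "data": [
        {"type": "ip_address", "id": "210.48.231.182"},  # the IP from the write-up
        {"type": "ip_address", "id": "192.168.56.101"},  # sandbox LAN, constructed
        {"type": "ip_address", "id": "127.0.0.1"},       # loopback, constructed
    ]
}


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_FILE_REPORT, SAMPLE_CONTACTED_IPS), indent=2))
```

For a live lookup, replace the two sample objects with `fetch_file_report(sha256, key)` and `fetch_contacted_ips(sha256, key)`; the summary is unchanged. Group attribution (the Turla/APT28 link in the write-up) is not in the file object itself and still needs the threat-intel pivot done by hand.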
Virustotal link: link
Flag:
CSCTF{APT28_Backdoor_210.48.231.182_Russia_2004}