The Hidden Grave Marker

Personal Rating: Hard

This osint challenge starts with a folder named .data_gsc98647a3 and the task to find the name of the threat actor that used this malware.

As it turned out, it was very easy to find the threat actor, but the challenge was to find the right name out of dozens. A quick google search for the folder name brings you to this page:

PINEFLOWER - Threat Group Cards: A Threat Actor Encyclopediaapt.etda.or.th

Since these names did not contain the right one, I continued to search for a long time and tested every name I found along the way. At some point I revisited the first page. Following the link at "APT42" brings you to this page that actually contained the right name.

PreviousRusted Oracle NextThe Azure Deception

Last updated 1 day ago