TheZeal0t's Cryptoware IOC 1
Challenge:
The Zeal0t's cryptoware has a particular network signature that can be used as an "Indicator of Compromise" (IOC). This indicator is unique to the cryptoware, so it can be used to indicate that a system has been infected by the cryptoware, or the cryptoware attempted to infect it.
Enter the IOC as the flag. Example: flag{EXACT-IOC-STRING}
Solution:
We performed dynamic analysis and observed the binary making a request to http://insidious.deadface[.]io/zealotcrypt-aes-key.txt with a very descriptive User-Agent:
GET /zealotcrypt-aes-key.txt HTTP/1.1
Host: insidious.deadface.io
User-Agent: DEADFACE_LLABS_CRYPTOWARE/6.69
Accept-Encoding: gzip
The accepted flag was: flag{DEADFACE_LLABS_CRYPTOWARE/6.69}
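As an added example (not part of the original writeup), here is a small detector that parses captured HTTP requests and matches the User-Agent, Host and path seen above; the three sample captures are constructed. It also shows why the User-Agent is the strongest of the three indicators: benign traffic to the same host only trips the weaker ones.

```python
from dataclasses import dataclass

# IOC values taken from the writeup above (the User-Agent is the flag).
IOC_USER_AGENT = "DEADFACE_LLABS_CRYPTOWARE/6.69"
IOC_HOST = "insidious.deadface.io"
IOC_PATH = "/zealotcrypt-aes-key.txt"

@dataclass
class HttpRequest:
    method: str
    path: str
    headers: dict  # header names stored lower-cased

def parse_request(raw: str) -> HttpRequest:
    """Parse the request line and header block of a raw HTTP/1.x request."""
    lines = raw.strip().splitlines()
    method, path, _version = lines[0].split()
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, path, headers)

def match_ioc(raw: str) -> list[str]:
    """Return the names of the indicators hit by one captured request."""
    req = parse_request(raw)
    hits = []
    if req.headers.get("user-agent") == IOC_USER_AGENT:
        hits.append("user-agent")
    if req.headers.get("host", "").lower() == IOC_HOST:
        hits.append("host")
    if req.path == IOC_PATH:
        hits.append("path")
    return hits

# Constructed sample captures: the first mirrors the request in the writeup,
# the second is benign traffic to the same host, the third is unrelated.
SAMPLES = [
    "GET /zealotcrypt-aes-key.txt HTTP/1.1\r\nHost: insidious.deadface.io\r\n"
    "User-Agent: DEADFACE_LLABS_CRYPTOWARE/6.69\r\nAccept-Encoding: gzip\r\n\r\n",
    "GET /index.html HTTP/1.1\r\nHost: insidious.deadface.io\r\nUser-Agent: curl/8.0\r\n\r\n",
    "GET /api HTTP/1.1\r\nHost: example.org\r\nuser-agent: Mozilla/5.0\r\n\r\n",
]

def scan(samples=SAMPLES) -> list[list[str]]:
    """Run every sample through the matcher; only sample 0 hits the User-Agent."""
    return [match_ioc(s) for s in samples]

if __name__ == "__main__":
    for s, hits in zip(SAMPLES, scan()):
        print(s.splitlines()[0], "->", hits or "clean")
```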