Briefing
Greetings, Special Agent.
The cyber battlefield has shifted. A high-profile organization has fallen victim to a highly sophisticated attack, and the evidence points to a lurking menace operating in the shadows. Our team has intercepted a critical piece of the puzzle—a single malware hash retrieved from the wreckage.
This is no ordinary breach. The complexity of the attack suggests the involvement of an Advanced Persistent Threat (APT), a shadowy collective of cyber operatives known for their patience, precision, and relentless pursuit of their objectives. These groups don’t strike randomly—they’re hunters with a target in mind, often with devastating consequences.
The stakes couldn’t be higher. Our initial analysis hints that this could be part of a broader campaign, one designed to disrupt, steal, or destroy. Every second we delay could mean further damage to critical infrastructure, the exposure of sensitive information, or worse—an escalation in their endgame.
As always, Special Agent. The contract is yours, if you choose to accept.
Materials
Malware Hash: 9e7053a4b6c9081220a694ec93211b4e
Answer Instruction
Use the answer to unlock the flagfile; this will reward you with your badge.
Answer format: APTgroupnumber_targetoftheattack
Answer example: APT43_departmentofjustice
Flagfile
Be advised, the flagfile is an encrypted ZIP. Make sure your OS supports the ZIP format. Ensure the password contains no hidden characters or formatting; paste it into Notepad first if the password doesn’t seem to work.
PS: Don’t forget to claim your Coins and XP by posting your card in the #card-brag channel in Discord.
Official Write-up
The official write-up is provided here; it does contain the answer. Use it if you’re stuck or want to verify that you got the answer correct.
Cryptic Spectre
A malware hash has been discovered during an investigation of a high-profile cyber attack. We need to identify both the APT group responsible and their target based on this evidence.
Available Materials
- Malware hash: 9e7053a4b6c9081220a694ec93211b4e
- Context about cyber attack
- Format requirements for answer
Solution Path
Hash Analysis
- Search malware databases for the hash
- Check threat intelligence platforms
- Research historical cyber attacks
- Cross-reference APT group activities
- Verify incident timelines
Target Identification
Look for connections between:
- APT28 activities
- Democratic National Committee
- Historical cyber campaigns
- Attack patterns
- Timeline alignment
Answer Format
Must follow this format:
APTgroupnumber_targetoftheattack
Correct format:
APT28_democratnationalcommittee
Format Requirements
- APT group in correct format (APT##)
- Underscore separator
- Target name in lowercase
- No spaces in target name
- No special characters
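An added example (not part of the original challenge or write-up) covering the format requirements above and the hidden-character warning in the Flagfile section: it lists invisible characters in a pasted string and builds an answer in the required shape. The function names and the a-z0-9 restriction on the target are assumptions, and the sample is the page's answer example with constructed invisible characters added.

```python
import re
import unicodedata

# Answer format from the page: APT<number>_<target>, target lowercase with
# no spaces or special characters. Restricting the target to a-z0-9 is an
# assumption; the page only says "no special characters".
ANSWER_RE = re.compile(r"APT[0-9]+_[a-z0-9]+")

# Unicode categories that do not render visibly: control, format
# (zero-width space/joiner, BOM, soft hyphen) and separators.
INVISIBLE = {"Cc", "Cf", "Zs", "Zl", "Zp"}


def hidden_characters(text):
    """Return (index, code point, name) for every invisible character."""
    found = []
    for i, ch in enumerate(text):
        if unicodedata.category(ch) in INVISIBLE:
            name = unicodedata.name(ch, "CONTROL")
            found.append((i, "U+%04X" % ord(ch), name))
    return found


def clean(text):
    """Drop every invisible character, including ordinary spaces."""
    return "".join(c for c in text if unicodedata.category(c) not in INVISIBLE)


def build_answer(group, target):
    """Compose an answer string from a group label and a target name."""
    group = clean(group).upper()
    target = re.sub(r"[^a-z0-9]", "", clean(target).lower())
    answer = group + "_" + target
    if not ANSWER_RE.fullmatch(answer):
        raise ValueError("does not match APT##_target: %r" % answer)
    return answer


if __name__ == "__main__":
    # Constructed sample: the page's own answer example with a zero-width
    # space and a trailing no-break space, as a rich-text paste might add.
    pasted = "APT43_\u200bdepartmentofjustice\u00a0"
    for hit in hidden_characters(pasted):
        print(hit)
    print(clean(pasted))
    print(build_answer("apt43", "Department of Justice"))
```

Running `hidden_characters` on a password that the ZIP tool rejects shows exactly which positions carry invisible characters, which a plain-text editor paste only removes silently.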
Research Tools
- VirusTotal
- Malware databases
- Threat intelligence reports
- APT group profiles
- Historical attack databases
Verification Steps
- Confirm hash associations
- Verify APT group number
- Validate target name
- Check formatting
- Cross-reference historical data
Remember: Focus on connecting the malware hash to known APT28 campaigns and their documented target organizations.
Creator: Vance Poitier