The Jellyfish Project

Greetings, Special Agent K.

Our Incident Response team has flagged a persistent intrusion within a strategic infrastructure network.

The Tactics, Techniques, and Procedures (TTPs) observed strongly align with North Korean threat groups. The attackers successfully established persistence by deploying a specific backdoor (a specialized C++ implant).

We have identified a Command & Control (C2) server and recovered a partial file hash from the infected workstation. We need you to bridge the gaps in our intelligence.

Evidence Logs

  • C2 IP Address: 23[.]27[.]124[.]228
  • Partial Malware Hash (SHA-256): 15208030eda48b3786f7d85d756d2bd[...]

To complete the report, you must complete the following tasks:

  • The Full Signature: Pivot from the partial fragment to find the complete file signature.
  • The Delivery Mechanism: Identify the specific malware name used by Lazarus, the attacker.
  • The Connection: Identify the exclusive tool associated with this specific campaign's infrastructure.

As always, Special Agent K, the contract is yours, if you choose to accept.


Answer Instruction

Download the flag-file using the button below
Unlock the flag-file using the answer as the password
Answer format: FullHash-RansomwareName-ToolTheyCreated
Answer example: 8f2e9a3b7c1d5f4e6a0b2d8c4f9e1a3d5b7c0d2e4f6a8b0c2d4e6f8a0b2c4d6e-Locky-HotCroissant