Pegasy
Pegasy's Blog

Pegasy's Blog

[TryHackMe] - AoC 3 - Day 16 - Ransomware Madness

[TryHackMe] - AoC 3 - Day 16 - Ransomware Madness

Pegasy's photo
Pegasy
·Dec 24, 2021·

2 min read

Subscribe to my newsletter and never miss my upcoming articles

Table of contents

Link : https://tryhackme.com/room/adventofcyber3

Difficulty : Easy

Category : OSINT


You are the responding intelligence officer on the hunt for more information about the infamous "Grinch Enterprises" ransomware gang.

As a response to the recent ransomware activity from Grinch Enterprises, your team has managed to collect a sample ransomware note.

!!! ВАЖНЫЙ !!!

Ваши файлы были зашифрованы Гринчем. Мы используем самые современные технологии шифрования.

Чтобы получить доступ к своим файлам, обратитесь к оператору Grinch Enterprises.

Ваш личный идентификационный идентификатор: «b288b97e-665d-4105-a3b2-666da90db14b».

С оператором, назначенным для вашего дела, можно связаться как "GrinchWho31" на всех платформах.

!!! ВАЖНЫЙ !!!

The first step is to translate this note :

Traduction with DeepL

image.png


What is the operator's username ?

It is simply in the message translated above :

image.png


What social media platform is the username associated with ?

Just do a google search for the nickname, the answer is twitter :

image.png

image.png


What is the cryptographic identifier associated with the operator ?

The answer is in the one tweet written by GrinchWho31 :

image.png


What platform is the cryptographic identifier associated with ?

Same as the previous question, so the answer is keybase.io :

image.png


What is the bitcoin address of the operator ?

image.png


What platform does the operator leak the bitcoin address on ?

This platform is github, the profile is present on its profile keybase.io :

image.png


What is the operator's personal email ?

You need to inspect the second repo and look at this commit from November 16 :

Commit

image.png

We can therefore also answer the last question of the challenge !


🕵🏼Author : https://twitter.com/mika_sec

➡️Pentester at : https://pegasy.co/

image.png

 
Share this