APT 38

Published date : Feb. 18, 2022, 7 p.m.

URGENT

An internal report signals that a group of cyber-criminals, identified as north-koreans, is actively concealing health pass through illegal marketplaces on the dark web.

One of the considered lead is that the deemed secured "EU Digital COVID Certificate system" has been compromised by the group of cyber-criminals.
You will find a network capture of the compromission, the goal of your mission being to recover the data potentially exfiltrated by the attacker.

Solved by

Username	Website	Score	Date
arpascal	https://arnaud.sh	1900	Feb. 18, 2022, 8:25 p.m.
nieyraud		1010	Feb. 19, 2022, 12:54 a.m.
lmartin		1205	Feb. 19, 2022, 1:49 p.m.
chamada	https://42lyon.fr	620	March 1, 2022, 11:34 p.m.
TarteAuC		90	March 15, 2022, 1:21 a.m.
clinche	https://github.com/clinche	1130	March 17, 2022, 1:29 a.m.
pixailz@420v3rfl0w	https://github.com/Pixailz	910	March 17, 2022, 2:48 a.m.
sam0verfl0w	https://github.com/Unam3dd	1020	March 17, 2022, 2:49 a.m.
Syca	https://cyrihack.fr	1540	July 30, 2022, 1:30 a.m.
abouthib		1140	July 31, 2022, 5:33 p.m.
wow	https://friends42.fr	435	Oct. 8, 2022, 7:06 p.m.
ParesseuxRose		440	Dec. 15, 2022, 8:58 p.m.
bgrulois		455	Dec. 21, 2022, 8:28 p.m.
atrouill		820	Feb. 12, 2023, 12:26 a.m.
0xpwny_OR_ziggs.ma	https://thehackernewsbdarija.com/	360	Feb. 15, 2023, 1:01 a.m.
riblanc		1170	Feb. 15, 2023, 1:21 p.m.
asoursou	https://github.com/ChuOkupai	550	Feb. 18, 2023, 12:04 p.m.
pichuu		595	Feb. 18, 2023, 12:04 p.m.
alyildiz	https://github.com/0xSHIN	345	March 16, 2023, 4:49 a.m.
asarandi	https://github.com/asarandi	2135	April 28, 2023, 3:26 p.m.
Ardcord		960	Oct. 23, 2023, 1:42 p.m.
mboivin	https://github.com/matboivin	760	Jan. 25, 2024, 8:24 p.m.
_karaskp_		320	Feb. 3, 2024, 11:48 p.m.
1felx		315	Feb. 17, 2024, 12:14 a.m.
MinjaeLee	https://github.com/MinjeaLee	2045	May 9, 2024, 4:05 a.m.
UncleReaton	https://unclereaton.dev	780	Feb. 7, 2025, 5:15 p.m.
hsabir-xoreaxeax	https://github.com/lenartlola	1680	April 16, 2025, 4:49 p.m.