Can you identify the group responsible?

We believe employee credentials were initially compromised via spearphishing campaign.

A handful of employees were social engineered into clicking on malicious attachments.

The use of Cobalt Strike was observed in post-compromise network traffic.

Operations found post-compromise PowerShell activity consistent with the PowerSploit framework.

The attackers scheduled remote AT jobs via commandline.

Forensics recovered a binary created around the time of compromise with the hash 40528e368d323db0ac5c3f5e1efe4889.

Logged network traffic reveals that images with unusually large file sizes were uploaded to various GitHub accounts.

Name the APT!

Method

A bit harder this time since the initial paste into ChatGPT did not answer the question.

The reason for this is that it could not parse the hash, so let's do it ourselves by putting it into VirusTotal.

I got information from this that showcased that it is an APT group from China.

I then asked ChatGPT to provide all APT groups from China that match the description.

After a bit of trial and error I got the name, which was Leviathan.
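The hash lookup above was done by hand in the VirusTotal web UI. As an added example (not code from this writeup), here is the same step scripted against the VirusTotal v3 files endpoint, plus a small parser that pulls out the fields an analyst reads first: detection count, the suggested threat label and the submitted file names. The network call assumes a key in the `VT_API_KEY` environment variable; the embedded report is a constructed sample shaped like a v3 file object so the parsing can be exercised offline, and its numbers are not a real verdict for the challenge hash.

```python
"""Look up a file hash on VirusTotal (API v3) and summarise the verdict.

Added example for this writeup, not code from the original page. Assumes
VT_API_KEY holds a VirusTotal API key and that the response layout below
matches the documented v3 file object (last_analysis_stats, names, tags,
popular_threat_classification).
"""
import json
import os
import re
import urllib.request

VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"

# Hex-digest lengths VirusTotal accepts as file identifiers.
HASH_KINDS = {32: "md5", 40: "sha1", 64: "sha256"}

# The hash recovered by forensics in the challenge text (32 hex chars = MD5).
CHALLENGE_HASH = "40528e368d323db0ac5c3f5e1efe4889"


def classify_hash(value: str) -> str:
    """Return 'md5', 'sha1' or 'sha256' for a hex digest; raise on anything else."""
    v = value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", v) or len(v) not in HASH_KINDS:
        raise ValueError(f"not a recognised hex digest: {value!r}")
    return HASH_KINDS[len(v)]


def build_request(digest: str, api_key: str) -> urllib.request.Request:
    """Build GET /api/v3/files/{hash}; the API key travels in the x-apikey header."""
    classify_hash(digest)  # reject junk before it ever reaches the network
    return urllib.request.Request(
        VT_FILES_URL + digest.strip().lower(),
        headers={"x-apikey": api_key, "accept": "application/json"},
    )


def summarise(report: dict) -> dict:
    """Reduce a v3 file object to the handful of fields used for triage."""
    attrs = report.get("data", {}).get("attributes", {})
    stats = attrs.get("last_analysis_stats", {})
    ptc = attrs.get("popular_threat_classification") or {}
    buckets = ("malicious", "suspicious", "undetected", "harmless")
    return {
        "malicious": stats.get("malicious", 0),
        "total_engines": sum(stats.get(k, 0) for k in buckets),
        "threat_label": ptc.get("suggested_threat_label"),
        "names": list(attrs.get("names", []))[:5],
        "tags": list(attrs.get("tags", [])),
    }


def lookup(digest: str, api_key: str = "") -> dict:
    """Fetch and summarise a hash; needs network access and a valid key."""
    api_key = api_key or os.environ.get("VT_API_KEY", "")
    if not api_key:
        raise RuntimeError("set VT_API_KEY or pass api_key")
    with urllib.request.urlopen(build_request(digest, api_key), timeout=30) as resp:
        return summarise(json.load(resp))


# Constructed sample response (made-up numbers, not a real verdict), shaped
# like a v3 file object so summarise() can be run without network access.
SAMPLE_REPORT = {
    "data": {
        "id": CHALLENGE_HASH,
        "type": "file",
        "attributes": {
            "last_analysis_stats": {
                "malicious": 45, "suspicious": 1, "undetected": 20, "harmless": 0,
            },
            "popular_threat_classification": {
                "suggested_threat_label": "trojan.example/placeholder"
            },
            "names": ["sample.exe", "update.exe"],
            "tags": ["peexe", "placeholder-tag"],
        },
    }
}

if __name__ == "__main__":
    # Offline demonstration on the constructed sample; swap for lookup(CHALLENGE_HASH)
    # once VT_API_KEY is set.
    print(classify_hash(CHALLENGE_HASH))
    print(json.dumps(summarise(SAMPLE_REPORT), indent=2))
```

The detection count tells you whether the sample is worth chasing; the threat label, names and tags are what point toward a malware family and from there toward a reported actor. Treat that as one lead to corroborate against the other observations in the challenge (spearphishing, Cobalt Strike, PowerSploit, AT jobs, GitHub image uploads), not as attribution on its own.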