Writeup: Advent of Cyber 3 Day 16
Link: Advent Of Cyber 3 on TryHackMe
You are the responding intelligence officer on the hunt for more information about the infamous "Grinch Enterprises" ransomware gang. As a response to the recent ransomware activity from Grinch Enterprises, your team has managed to collect a sample ransomware note.
!!! IMPORTANT !!!
Your files have been encrypted by the Grinch. We use the most modern encryption technologies.
To get access to your files, contact the Grinch Enterprises operator.
Your personal identification identifier: "b288b97e-665d-4105-a3b2-666da90db14b".
The operator assigned to your case can be contacted as "GrinchWho31" on all platforms.
!!! IMPORTANT !!!
Answer: No answer needed
What is the operator's username?
Answer: GrinchWho31
What social media platform is the username associated with?
Using checkusernames.com:
Answer: Twitter
What is the cryptographic identifier associated with the operator?
From Twitter:
Answer: 1GW8QR7CWW3cpvVPGMCF5tZz4j96ncEgrVaR
What platform is the cryptographic identifier associated with?
Answer: keybase.io
What is the bitcoin address of the operator?
From Keybase:
Answer: bc1q5q2w2x6yka5gchr89988p2c8w8nquem6tndw2f
What platform does the operator leak the bitcoin address on?
This should be "Keybase" again, but it is apparently GitHub. Visit the GitHub account mentioned in the previous task, go to the Christmas-Stealer repository and find the address.
Answer: GitHub
What is the operator's personal email?
Go to the commit history of the other repository (ChristBASHTree); the latest commit removes some lines.
Answer: [email protected]
What is the operator's real name?
See the previous question.
Answer: Donte Heath
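The last two answers come from lines that a later commit deleted: removing text in a new commit does not remove it from the repository's history. The script below is an added example, not part of the original writeup. It audits `git log -p` output for e-mail addresses that sit on deleted lines, and the sample log, names, hashes and addresses in it are constructed placeholders.

```python
import re

# Constructed sample of `git log -p` output; names, hashes and addresses are placeholders.
SAMPLE_LOG = """\
commit 2222222222222222222222222222222222222222
Author: placeholder <placeholder@users.noreply.example>
Date:   Tue Dec 7 10:00:00 2021 +0000

    Remove contact details

diff --git a/tree.sh b/tree.sh
--- a/tree.sh
+++ b/tree.sh
@@ -1,4 +1,2 @@
 #!/bin/bash
-# Author: Jane Placeholder
-# Contact: jane.placeholder@example.com
 echo "tree"
"""

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def removed_emails(log_text):
    """Return (short_commit, path, email) for every e-mail address found on a
    line that some commit deleted, i.e. data still recoverable from history."""
    findings, commit, path, in_hunk = [], None, None, False
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit, path, in_hunk = line.split()[1], None, False
        elif line.startswith("diff --git "):
            in_hunk = False                      # new file section, headers follow
        elif line.startswith("--- ") and not in_hunk:
            path = line[6:] if line.startswith("--- a/") else line[4:]
        elif line.startswith("@@"):
            in_hunk = True
        elif in_hunk and line.startswith("-"):   # deleted line inside a hunk
            for match in EMAIL.finditer(line[1:]):
                findings.append((commit[:7], path, match.group()))
    return findings


if __name__ == "__main__":
    for commit, path, email in removed_emails(SAMPLE_LOG):
        print(f"{commit} {path}: removed line still exposes {email}")
```

To audit a repository of your own, pass the output of `git log -p --no-color` to `removed_emails`; any hit means the data has to be purged by rewriting history, not by another commit.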