We've discovered that DEADFACE was somehow able to extract a fair amount of data from Techno Global Research Industries. We are still working out the details, but we believe they crafted custom malware to gain access to one of TGRI's systems. We intercepted a Word document that we believe mentions the name of the malware, in addition to an audio file that was part of the same conversation. We're not sure what the link is between the two files, but I'm sure you can figure it out!
Submit the flag as: flag{executable_name}. Example: flag{malware.exe}.
There is weird audio at 3:17 Sequence 01.mp3. Do Spectral Analysis with https://www.dcode.fr/spectral-analysis will produces Gr33dK1Lzz@11Wh0Per5u3
Decrypt Untitlednosubject.docx with msoffcrypto-tool
msoffcrypto-tool Untitlednosubject.docx decrypted.docx -p Gr33dK1Lzz@11Wh0Per5u3
Extract .docx file with binwalk
binwalk -e decrypted.docx
Look at /word/document.xml, we got "but we are going to use Wh1t3_N01Z3.exe to sent out a reverse shell. Be prepared to listen for the signal. "