APT 38

Published date : Feb. 18, 2022, 7 p.m.

URGENT

An internal report signals that a group of cyber-criminals, identified as north-koreans, is actively concealing health pass through illegal marketplaces on the dark web.

One of the considered lead is that the deemed secured "EU Digital COVID Certificate system" has been compromised by the group of cyber-criminals.
You will find a network capture of the compromission, the goal of your mission being to recover the data potentially exfiltrated by the attacker.

Solved by

Username	Website	Score	Date
arpascal	https://arnaud.sh	1845	Feb. 18, 2022, 8:25 p.m.
nieyraud		965	Feb. 19, 2022, 12:54 a.m.
lmartin		1175	Feb. 19, 2022, 1:49 p.m.
chamada	https://42lyon.fr	600	March 1, 2022, 11:34 p.m.
TarteAuC		90	March 15, 2022, 1:21 a.m.
clinche	https://github.com/clinche	1085	March 17, 2022, 1:29 a.m.
pixailz@420v3rfl0w	https://github.com/Pixailz	880	March 17, 2022, 2:48 a.m.
sam0verfl0w	https://github.com/Unam3dd	975	March 17, 2022, 2:49 a.m.
Syca	https://cyrihack.fr	1485	July 30, 2022, 1:30 a.m.
abouthib		1090	July 31, 2022, 5:33 p.m.
wow	https://friends42.fr	400	Oct. 8, 2022, 7:06 p.m.
ParesseuxRose		420	Dec. 15, 2022, 8:58 p.m.
bgrulois		425	Dec. 21, 2022, 8:28 p.m.
atrouill		780	Feb. 12, 2023, 12:26 a.m.
0xpwny_OR_ziggs.ma	https://thehackernewsbdarija.com/	340	Feb. 15, 2023, 1:01 a.m.
riblanc		1120	Feb. 15, 2023, 1:21 p.m.
asoursou	https://github.com/ChuOkupai	520	Feb. 18, 2023, 12:04 p.m.
pichuu		560	Feb. 18, 2023, 12:04 p.m.
alyildiz	https://github.com/0xSHIN	325	March 16, 2023, 4:49 a.m.
asarandi	https://github.com/asarandi	2080	April 28, 2023, 3:26 p.m.
Ardcord		915	Oct. 23, 2023, 1:42 p.m.
mboivin	https://github.com/matboivin	710	Jan. 25, 2024, 8:24 p.m.
_karaskp_		305	Feb. 3, 2024, 11:48 p.m.
1felx		305	Feb. 17, 2024, 12:14 a.m.
MinjaeLee	https://github.com/MinjeaLee	1990	May 9, 2024, 4:05 a.m.
UncleReaton	https://unclereaton.dev	735	Feb. 7, 2025, 5:15 p.m.
hsabir-xoreaxeax	https://github.com/lenartlola	1630	April 16, 2025, 4:49 p.m.