APT 38

Published date : Feb. 18, 2022, 7 p.m.

URGENT

An internal report signals that a group of cyber-criminals, identified as north-koreans, is actively concealing health pass through illegal marketplaces on the dark web.

One of the considered lead is that the deemed secured "EU Digital COVID Certificate system" has been compromised by the group of cyber-criminals.
You will find a network capture of the compromission, the goal of your mission being to recover the data potentially exfiltrated by the attacker.

Solved by

Username	Website	Score	Date
arpascal	https://arnaud.sh	1565	Feb. 18, 2022, 8:25 p.m.
nieyraud		815	Feb. 19, 2022, 12:54 a.m.
lmartin		1010	Feb. 19, 2022, 1:49 p.m.
chamada	https://42lyon.fr	520	March 1, 2022, 11:34 p.m.
TarteAuC		85	March 15, 2022, 1:21 a.m.
clinche	https://github.com/clinche	1755	March 17, 2022, 1:29 a.m.
pixailz@420v3rfl0w	https://github.com/Pixailz	830	March 17, 2022, 2:48 a.m.
sam0verfl0w	https://github.com/Unam3dd	815	March 17, 2022, 2:49 a.m.
Syca	https://cyrihack.fr	1265	July 30, 2022, 1:30 a.m.
abouthib		915	July 31, 2022, 5:33 p.m.
wow	https://friends42.fr	335	Oct. 8, 2022, 7:06 p.m.
ParesseuxRose		360	Dec. 15, 2022, 8:58 p.m.
bgrulois		370	Dec. 21, 2022, 8:28 p.m.
atrouill		655	Feb. 12, 2023, 12:26 a.m.
0xpwny_OR_ziggs.ma	https://thehackernewsbdarija.com/	295	Feb. 15, 2023, 1:01 a.m.
riblanc		1190	Feb. 15, 2023, 1:21 p.m.
asoursou	https://github.com/ChuOkupai	445	Feb. 18, 2023, 12:04 p.m.
pichuu		475	Feb. 18, 2023, 12:04 p.m.
alyildiz	https://github.com/0xSHIN	290	March 16, 2023, 4:49 a.m.
asarandi	https://github.com/asarandi	1755	April 28, 2023, 3:26 p.m.
Ardcord		1185	Oct. 23, 2023, 1:42 p.m.
mboivin	https://github.com/matboivin	815	Jan. 25, 2024, 8:24 p.m.
_karaskp_		270	Feb. 3, 2024, 11:48 p.m.
1felx		275	Feb. 17, 2024, 12:14 a.m.
MinjaeLee	https://github.com/MinjeaLee	1670	May 9, 2024, 4:05 a.m.
UncleReaton	https://unclereaton.dev	665	Feb. 7, 2025, 5:15 p.m.
hsabir-xoreaxeax	https://github.com/lenartlola	1440	April 16, 2025, 4:49 p.m.
ikkiw		975	May 24, 2025, 5:12 p.m.
timatias	https://github.com/tiagomatias930/tiagomatias930	610	June 12, 2025, 12:45 a.m.
melperri		505	July 7, 2025, 4:16 p.m.
pquline	https://github.com/pquline	525	July 9, 2025, 11:28 a.m.
clelia		175	July 9, 2025, 11:44 a.m.
skav	https://www.logogenie.fr	1715	Jan. 7, 2026, 11:56 a.m.
fdreijer		200	Jan. 18, 2026, 1:17 a.m.