APT 38

Published date : Feb. 18, 2022, 7 p.m.

URGENT

An internal report signals that a group of cyber-criminals, identified as north-koreans, is actively concealing health pass through illegal marketplaces on the dark web.

One of the considered lead is that the deemed secured "EU Digital COVID Certificate system" has been compromised by the group of cyber-criminals.
You will find a network capture of the compromission, the goal of your mission being to recover the data potentially exfiltrated by the attacker.

Solved by

Username	Website	Score	Date
arpascal	https://arnaud.sh	1525	Feb. 18, 2022, 8:25 p.m.
nieyraud		795	Feb. 19, 2022, 12:54 a.m.
lmartin		980	Feb. 19, 2022, 1:49 p.m.
chamada	https://42lyon.fr	495	March 1, 2022, 11:34 p.m.
TarteAuC		80	March 15, 2022, 1:21 a.m.
clinche	https://github.com/clinche	1710	March 17, 2022, 1:29 a.m.
pixailz@420v3rfl0w	https://github.com/Pixailz	810	March 17, 2022, 2:48 a.m.
sam0verfl0w	https://github.com/Unam3dd	790	March 17, 2022, 2:49 a.m.
Syca	https://cyrihack.fr	1225	July 30, 2022, 1:30 a.m.
abouthib		880	July 31, 2022, 5:33 p.m.
wow	https://friends42.fr	325	Oct. 8, 2022, 7:06 p.m.
ParesseuxRose		345	Dec. 15, 2022, 8:58 p.m.
bgrulois		360	Dec. 21, 2022, 8:28 p.m.
atrouill		635	Feb. 12, 2023, 12:26 a.m.
0xpwny_OR_ziggs.ma	https://thehackernewsbdarija.com/	280	Feb. 15, 2023, 1:01 a.m.
riblanc		1155	Feb. 15, 2023, 1:21 p.m.
asoursou	https://github.com/ChuOkupai	475	Feb. 18, 2023, 12:04 p.m.
pichuu		465	Feb. 18, 2023, 12:04 p.m.
alyildiz	https://github.com/0xSHIN	285	March 16, 2023, 4:49 a.m.
asarandi	https://github.com/asarandi	1710	April 28, 2023, 3:26 p.m.
Ardcord		1155	Oct. 23, 2023, 1:42 p.m.
mboivin	https://github.com/matboivin	785	Jan. 25, 2024, 8:24 p.m.
_karaskp_		265	Feb. 3, 2024, 11:48 p.m.
1felx		270	Feb. 17, 2024, 12:14 a.m.
MinjaeLee	https://github.com/MinjeaLee	1625	May 9, 2024, 4:05 a.m.
UncleReaton	https://unclereaton.dev	650	Feb. 7, 2025, 5:15 p.m.
hsabir-xoreaxeax	https://github.com/lenartlola	1405	April 16, 2025, 4:49 p.m.
ikkiw		950	May 24, 2025, 5:12 p.m.
timatias	https://github.com/tiagomatias930/tiagomatias930	835	June 12, 2025, 12:45 a.m.
melperri		495	July 7, 2025, 4:16 p.m.
pquline	https://github.com/pquline	510	July 9, 2025, 11:28 a.m.
clelia		170	July 9, 2025, 11:44 a.m.
skav	https://www.logogenie.fr	1670	Jan. 7, 2026, 11:56 a.m.
fdreijer		200	Jan. 18, 2026, 1:17 a.m.
h00kz_		470	April 1, 2026, 9:52 p.m.