APT 38

Published date : Feb. 18, 2022, 7 p.m.

URGENT

An internal report signals that a group of cyber-criminals, identified as north-koreans, is actively concealing health pass through illegal marketplaces on the dark web.

One of the considered lead is that the deemed secured "EU Digital COVID Certificate system" has been compromised by the group of cyber-criminals.
You will find a network capture of the compromission, the goal of your mission being to recover the data potentially exfiltrated by the attacker.

Solved by

Username	Website	Score	Date
arpascal	https://arnaud.sh	2035	Feb. 18, 2022, 8:25 p.m.
nieyraud		1105	Feb. 19, 2022, 12:54 a.m.
lmartin		1310	Feb. 19, 2022, 1:49 p.m.
chamada	https://42lyon.fr	685	March 1, 2022, 11:34 p.m.
TarteAuC		95	March 15, 2022, 1:21 a.m.
clinche	https://github.com/clinche	1225	March 17, 2022, 1:29 a.m.
pixailz@420v3rfl0w	https://github.com/Pixailz	920	March 17, 2022, 2:48 a.m.
sam0verfl0w	https://github.com/Unam3dd	1110	March 17, 2022, 2:49 a.m.
Syca	https://cyrihack.fr	1660	July 30, 2022, 1:30 a.m.
abouthib		1245	July 31, 2022, 5:33 p.m.
wow	https://friends42.fr	480	Oct. 8, 2022, 7:06 p.m.
ParesseuxRose		485	Dec. 15, 2022, 8:58 p.m.
bgrulois		505	Dec. 21, 2022, 8:28 p.m.
atrouill		890	Feb. 12, 2023, 12:26 a.m.
0xpwny_OR_ziggs.ma	https://thehackernewsbdarija.com/	405	Feb. 15, 2023, 1:01 a.m.
riblanc		1275	Feb. 15, 2023, 1:21 p.m.
asoursou	https://github.com/ChuOkupai	585	Feb. 18, 2023, 12:04 p.m.
pichuu		650	Feb. 18, 2023, 12:04 p.m.
alyildiz	https://github.com/0xSHIN	390	March 16, 2023, 4:49 a.m.
asarandi	https://github.com/asarandi	2300	April 28, 2023, 3:26 p.m.
Ardcord		1050	Oct. 23, 2023, 1:42 p.m.
mboivin	https://twitter.com/m4tya_	790	Jan. 25, 2024, 8:24 p.m.
_karaskp_		315	Feb. 3, 2024, 11:48 p.m.
1felx		350	Feb. 17, 2024, 12:14 a.m.
yeolee2	https://github.com/MinjeaLee	1445	May 9, 2024, 4:05 a.m.