APT
MediumOsci
Overview
We are currently tracking a dangerous threat actor who has been active across multiple underground forums. Intelligence suggests he may be planning or coordinating disruptive campaigns targeting financial institutions and critical infrastructure.
We believe this individual is using several aliases across forums to mask his identity and maintain operational security. However, a pattern of communication style, wallet reuse, and thematic content has emerged.
We need your OSINT expertise to uncover the following:
- X: The real name of this actor (***** ***)
- Y: The transaction ID of a suspicious cryptocurrency payment believed to have funded his initial operations.
- Z: The likely APT group this actor may be aligned with, based on the language, usernames, and email addresses he has used.
Flag format: flag{X:Y:Z}
Use the forum links provided in the file to begin your investigation.
Lab Details
Prerequisites & Requirements
- Solid understanding of OSINT investigation techniques and methodologies
- Familiarity with identifying reused digital identities (emails, usernames, avatars)
- Knowledge of cryptocurrency transactions and using blockchain explorers
- Ability to correlate digital clues to known threat actor groups (e.g., APTs)
What will you learn?
- How to uncover hidden identities using compromised forum databases
- How to trace the reuse of usernames and email addresses across platforms
- How to leverage avatar metadata and user bios to extract meaningful intelligence
- How to identify cryptocurrency transactions using partial information
- How to perform APT attribution by matching known behavioral traits and aliases
Tools
- GitHub for locating leaked datasets and repositories
- Epieos for email and metadata lookups
- Gravatar to discover avatars and embedded identity clues
- Blockchair to analyze cryptocurrency transactions
- Online translation tools (Google Translate, DeepL)
- Threat intelligence databases for APT group profiling
Job Positions
Threat Intelligence Analyst
Tags
- Threat Intelligence
- Adversary Profile
- Attribution
- Dark Web Monitoring
- Leaked Credentials
- Opsec