GitPwned
Difficulty: Medium
Category: Open Source Cyber Intelligence
Overview
My friend received an email from a company called AutoSquare Stores. The email provided a link to a project on Bitbucket and asked whether he could work on the project with them; as a coding test, they asked him to add a feature to the existing project. This happened at the start of 2025. My friend downloaded the project and ran it, after which his machine started behaving suspiciously. It seems he was lured into a malicious campaign targeting developers. After some searching, I found out that my friend had been caught up in a threat actor's campaign.

Your tasks:
- Determine the name of the downloader malware used in this operation.
- What is the domain name that the malicious .dll tries to connect to?
- What is the name of the tool the threat actors used for persistence?

Flag format: flag{MalwareName_www.x.x_softwarename}
Lab Details
Prerequisites & Requirements
- Basic OSINT (Open Source Intelligence) research skills
- Familiarity with threat intelligence platforms (e.g., VirusTotal)
- Ability to interpret dynamic malware analysis and sandbox reports
- Basic understanding of malware persistence mechanisms and C2 infrastructure
What will you learn?
- How to track threat actor campaigns starting from an initial phishing vector
- Techniques for investigating malicious files and domains using public threat intelligence
- How to extract Indicators of Compromise (IoCs) such as C2 domains from sandbox network connections
- Identifying specific malware families (e.g., BeaverTail) and persistence tools (e.g., AnyDesk) through security research
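The third learning objective above, pulling C2 domains and persistence artefacts out of a sandbox report, is mostly triage of a JSON blob. The script below is an added example written for this page; it is not part of the lab and not a tool from the lab's vendor. The report it works on is a constructed sample (fictional hostnames, RFC 5737 test-net IPs) laid out in the shape of a VirusTotal v3 `files/{sha256}/behaviour_summary` response; the field names (`dns_lookups`, `ip_traffic`, `http_conversations`, `command_executions`, `files_written`, `registry_keys_set`) are assumed from the public v3 API and should be checked against the real report for the lab's sample.

```python
"""Triage a sandbox behaviour summary: candidate C2 infrastructure and persistence.

Added example for this lab page, not the lab's own material. SAMPLE_REPORT is
CONSTRUCTED data in the (assumed) shape of a VirusTotal v3 behaviour_summary.
A real report would be fetched from
  https://www.virustotal.com/api/v3/files/<sha256>/behaviour_summary
with the API key in the `x-apikey` header; nothing here touches the network.
"""
import json
from urllib.parse import urlparse

SAMPLE_REPORT = {  # constructed sample: fictional domain, test-net addresses
    "data": {
        "dns_lookups": [
            {"hostname": "www.example-c2.test", "resolved_ips": ["203.0.113.45"]},
            {"hostname": "ctldl.windowsupdate.com", "resolved_ips": ["203.0.113.9"]},
        ],
        "ip_traffic": [
            {"destination_ip": "203.0.113.45", "destination_port": 443, "transport_layer_protocol": "TCP"},
            {"destination_ip": "203.0.113.9", "destination_port": 80, "transport_layer_protocol": "TCP"},
        ],
        "http_conversations": [
            {"url": "http://www.example-c2.test/stage2.bin", "request_method": "GET"},
        ],
        "command_executions": [
            "rundll32.exe C:\\Users\\dev\\AppData\\Local\\Temp\\update.dll,Start",
            "\"C:\\Users\\dev\\AppData\\Local\\Temp\\AnyDesk.exe\" --install \"C:\\ProgramData\\AnyDesk\" --start-with-win --silent",
        ],
        "files_written": [
            "C:\\Users\\dev\\AppData\\Local\\Temp\\update.dll",
            "C:\\ProgramData\\AnyDesk\\AnyDesk.exe",
        ],
        "registry_keys_set": [
            {"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\AnyDesk",
             "value": "C:\\ProgramData\\AnyDesk\\AnyDesk.exe"},
        ],
    }
}

# Sandbox noise: Windows/CA traffic that shows up in almost every Zenbox run.
BENIGN_SUFFIXES = ("windowsupdate.com", "microsoft.com", "msftconnecttest.com",
                   "msftncsi.com", "digicert.com", "verisign.com")
# Legitimate remote-access tools that are abused for persistence after initial access.
REMOTE_ACCESS_TOOLS = ("anydesk", "teamviewer", "rustdesk", "ammyy", "screenconnect")


def _is_benign(hostname):
    h = (hostname or "").lower().rstrip(".")
    return any(h == s or h.endswith("." + s) for s in BENIGN_SUFFIXES)


def network_iocs(report):
    """Return candidate C2 domains, destination sockets and URLs, minus known noise."""
    data = report.get("data", {})
    noise_ips, domains = set(), set()
    for entry in data.get("dns_lookups", []):
        host = entry.get("hostname", "")
        if not host:
            continue
        if _is_benign(host):
            noise_ips.update(entry.get("resolved_ips", []))  # drop their flows too
        else:
            domains.add(host.lower())
    sockets = set()
    for flow in data.get("ip_traffic", []):
        ip = flow.get("destination_ip")
        if ip and ip not in noise_ips:
            sockets.add(f"{ip}:{flow.get('destination_port', '?')}/{flow.get('transport_layer_protocol', '?')}")
    urls = {c["url"] for c in data.get("http_conversations", [])
            if "url" in c and not _is_benign(urlparse(c["url"]).hostname)}
    return {"domains": sorted(domains), "ips": sorted(sockets), "urls": sorted(urls)}


def persistence_indicators(report):
    """Flag remote-access tools being dropped/launched and Run-key autostarts."""
    data = report.get("data", {})
    hits = set()
    for cmd in data.get("command_executions", []):
        for tool in REMOTE_ACCESS_TOOLS:
            if tool in cmd.lower():
                hits.add(f"remote-access tool launched: {tool}")
    for path in data.get("files_written", []):
        for tool in REMOTE_ACCESS_TOOLS:
            if tool in path.lower():
                hits.add(f"remote-access tool dropped: {tool}")
    for entry in data.get("registry_keys_set", []):
        key = entry.get("key", "") if isinstance(entry, dict) else str(entry)
        if "\\currentversion\\run" in key.lower():
            hits.add(f"Run-key autostart: {key}")
    return sorted(hits)


if __name__ == "__main__":
    print(json.dumps({"network": network_iocs(SAMPLE_REPORT),
                      "persistence": persistence_indicators(SAMPLE_REPORT)}, indent=2))
```

The noise list is the point of the exercise: a sandbox run of a dropper will always show Windows Update and certificate-revocation traffic, and the one domain left after that filter is the pivot for the next OSINT step (passive DNS, VirusTotal relations, community reports). The persistence check is deliberately coarse; a legitimate admin can install AnyDesk too, so the finding is "remote-access tool installed by the sample", not proof of malice on its own.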
Tools
- Web Browser: For general OSINT research and accessing security articles
- VirusTotal: For analyzing malware behavior and accessing sandbox reports (e.g., Zenbox)
- Search Engine: To discover related threat intelligence reports and security community discussions
Job Positions
Ethical Hacker
Tags
Threat Intelligence, Domain Name, Pivot, Adversary Profile, Infrastructure Analysis