Advent of Cyber - Day 16

Link: Advent Of Cyber 3 on TryHackMe

Question 1

You are the responding intelligence officer on the hunt for more information about the infamous "Grinch Enterprises" ransomware gang. As a response to the recent ransomware activity from Grinch Enterprises, your team has managed to collect a sample ransomware note.

!!! ВАЖНЫЙ !!!

Ваши файлы были зашифрованы Гринчем. Мы используем самые современные технологии шифрования.

Чтобы получить доступ к своим файлам, обратитесь к оператору Grinch Enterprises.

Ваш личный идентификационный идентификатор: «b288b97e-665d-4105-a3b2-666da90db14b».

С оператором, назначенным для вашего дела, можно связаться как "GrinchWho31" на всех платформах.

!!! ВАЖНЫЙ !!!

Answer: No answer needed

Question 2

What is the operator's username?

Answer: GrinchWho31

Question 3

What social media platform is the username associated with?

Using checkusernames.com:

Answer: Twitter

Question 4

What is the cryptographic identifier associated with the operator?

From Twitter:

Answer: 1GW8QR7CWW3cpvVPGMCF5tZz4j96ncEgrVaR

Question 5

What platform is the cryptographic identifier associated with?

Answer: keybase.io

Question 6

What is the bitcoin address of the operator?

From Keybase:

Answer: bc1q5q2w2x6yka5gchr89988p2c8w8nquem6tndw2f

Question 7

What platform does the operator leak the bitcoin address on?

This should be "Keybase" again, but it is apparently GitHub. Visit the GitHub mentioned in the previous task and go to the Christmas-Stealer repository and find the address.

Answer: GitHub

Question 8

What is the operator's personal email?

Go to the other repository's (ChristBASHTree) commit history, the latest commit removes some lines.

Answer: [email protected]

Question 9

What is the operator's real name?

See the previous question.

Answer: Donte Heath