Talonkarrade
Dec 19, 2024

Hacktoria contract “Cryptic Spectre” Writeup

The contract is listed as medium difficulty.

The initial briefing is as follows:

“Briefing
Greetings, Special Agent.

The cyber battlefield has shifted. A high-profile organization has fallen victim to a highly sophisticated attack, and the evidence points to a lurking menace operating in the shadows. Our team has intercepted a critical piece of the puzzle—a single malware hash retrieved from the wreckage.

This is no ordinary breach. The complexity of the attack suggests the involvement of an Advanced Persistent Threat (APT), a shadowy collective of cyber operatives known for their patience, precision, and relentless pursuit of their objectives. These groups don’t strike randomly—they’re hunters with a target in mind, often with devastating consequences.

The stakes couldn’t be higher. Our initial analysis hints that this could be part of a broader campaign, one designed to disrupt, steal, or destroy. Every second we delay could mean further damage to critical infrastructure, the exposure of sensitive information, or worse—an escalation in their endgame.

As always, Special Agent. The contract is yours, if you choose to accept.”

The initial starting point is a malware hash, and the flag file is unlocked with APTgroupname_targetofattack.

So from this it seems reasonable that we are looking for an APT number and a significant attack target of value to unlock the badge.

I copied the hash value and put it into the search option on VirusTotal, seemingly the best starting point.

This gave a number of hits and some references that looked sensible to read. Of these, the Thor result gave a name to the APT group, Fancy Bear, which a quick Wikipedia search confirmed has an APT number of 28. Another VirusTotal result led to a CrowdStrike report on an APT28 attack on the Democratic National Committee during the 2016 US elections.

This seemed a reasonable target to be the second part of the flag file, and so APT28_democraticnationalcommittee was dropped into the password unlock and bingo, badge achieved.

Overall this is probably more of an easy challenge, given that a single website provides information on the hash and gives you references that will quickly show the two flag file elements. However, that does assume knowledge of VirusTotal in the first instance!
