ItsyBitsy
How many events were returned for the month of March 2022?
1482
What is the IP associated with the suspected user in the logs?
192.166.65.54
The user’s machine used a legit Windows binary to download a file from the C2 server. What is the name of the binary?
bitsadmin
The infected machine connected with a famous filesharing site in this period, which also acts as a C2 server used by the malware authors to communicate. What is the name of the filesharing site?
pastebin.com
What is the full URL of the C2 to which the infected host is connected?
pastebin.com/yTg0Ah6a
A file was accessed on the filesharing site. What is the name of the file accessed?
secret.txt
The file contains a secret code with the format THM{_____}.
THM{SECRET__CODE}