InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties…

Haunted — Blue Team Labs Online Write-up

Haunted

One of the company’s websites has been defaced, raising alarms. Collaborate with other analysts to uncover the identity of the adversary and assess the situation.

Category: Threat Intelligence
Tools: exiftool, CyberChef, officemalscanner

Lab Scenario

Haunted Company Inc., a long-established Credit Reporting Agency, has been successfully operating in major financial hubs such as New York, London, and Tokyo. As a privately owned entity without external investors, the company has maintained consistent client satisfaction and steady earnings reports. With plans for expansion, the management has decided to take the company public, and the Initial Public Offering (IPO) is scheduled to occur within the next few days.

However, a crisis emerged just as the IPO date approached. One of the company’s websites has been defaced, raising alarms. Shortly after, it was discovered that the company’s Tokyo server had come under attack. Concerned about the timing and the potential damage to the company’s reputation, the management is determined to identify the threat actor behind this attack and understand the breach mechanism to create detection before the IPO.

As a Threat Intelligence Analyst, you are tasked with collaborating with other analysts to uncover the identity…

Written by Ghostploit

Cybersecurity Engineer | Sharing insights, lab writeups & more for the infosec community | x.com/ghostploit | linkedin.com/company/ghostploit
