CyCTF2025 Qual DFIR Official writeup

DokDok

Challenge Overview

Name: DokDok
Level: Easy
Link: docker pull mmox/dokdok

Scenario

A CyAPT group abused a public Docker image to stage a quick web deployment and drop a memory-resident miner. The attacker attempted to cover their tracks by removing the payload after installation. Your job is to recover evidence from the image layers and answer three questions:

1. Attacker wallet address (Ethereum-style 0x...)
2. Cryptocurrency balance remaining in that wallet
3. Malware group name (APT name)

Flag format:...

November 8, 2025 · 9 min · MMOX, Anne, Mokey, Samer