CyCTF2025 Qual DFIR Official writeup

DokDok Challenge Overview
Name: DokDok
Level: Easy
Link: docker pull mmox/dokdok

Scenario: A CyAPT group abused a public Docker image to stage a quick web deployment and drop a memory-resident miner. The attacker attempted to cover their tracks by removing the payload after installation. Your job is to recover evidence from the image layers and answer three questions:
1. Attacker wallet address (Ethereum-style 0x...)
2. Cryptocurrency balance remaining in that wallet
3. Malware group name (APT name)
Flag format:...

November 8, 2025 · 9 min · MMOX, Anne, Mokey, Samer
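The DokDok scenario hinges on one property of image layers: a file removed in a later layer is not gone, the later layer only records an overlay whiteout (a `.wh.<name>` entry, or `.wh..wh..opq` for a whole directory), and the earlier layer still carries the bytes. The script below is an added illustration, not code from the writeup or the challenge image: it walks a `docker save`-style archive in manifest order, pairs each whiteout with the file it hides, recovers the hidden content and scans it for Ethereum-style addresses. The archive it runs on by default is constructed in memory (two layers, a placeholder `tmp/miner.sh` with a placeholder `0x111...` address, and a whiteout for it); the layer paths, file names and address are assumptions for the demo, and the parser assumes the v1 `manifest.json` layout with uncompressed `layer.tar` members, which is what `docker save <image> -o image.tar` produces.

```python
import io
import json
import re
import sys
import tarfile

ETH_ADDR_RE = re.compile(rb"0x[0-9a-fA-F]{40}")
WHITEOUT_PREFIX = ".wh."          # overlay whiteout: hides one path from lower layers
OPAQUE_WHITEOUT = ".wh..wh..opq"  # opaque whiteout: hides a whole directory's lower contents
SAMPLE_WALLET = "0x" + "1" * 40   # constructed placeholder, not a real wallet


def _add_bytes(tar, name, data):
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def _layer_tar(files):
    """Build one uncompressed layer tar from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            _add_bytes(tar, path, data)
    return buf.getvalue()


def build_sample_image():
    """Constructed docker-save style archive: layer 0 drops the miner script,
    layer 1 'deletes' it, which only adds a whiteout entry."""
    layer0 = _layer_tar({
        "tmp/miner.sh": (b"#!/bin/sh\n./xmrig -o pool.example:3333 -u "
                         + SAMPLE_WALLET.encode() + b"\n"),
        "var/www/index.html": b"<h1>hello</h1>\n",
    })
    layer1 = _layer_tar({"tmp/" + WHITEOUT_PREFIX + "miner.sh": b""})
    manifest = json.dumps(
        [{"Config": "config.json", "Layers": ["l0/layer.tar", "l1/layer.tar"]}]
    ).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        _add_bytes(tar, "manifest.json", manifest)
        _add_bytes(tar, "l0/layer.tar", layer0)
        _add_bytes(tar, "l1/layer.tar", layer1)
    return buf.getvalue()


def recover_deleted_files(image_bytes):
    """Return {path: (layer_added, layer_whited_out, data)} for every file that a
    later layer hides with a whiteout; the data comes from the earlier layer."""
    seen = {}     # path -> (layer index, bytes) for regular files seen so far
    deleted = {}
    with tarfile.open(fileobj=io.BytesIO(image_bytes), mode="r") as img:
        manifest = json.load(img.extractfile("manifest.json"))
        for idx, layer_name in enumerate(manifest[0]["Layers"]):
            layer_bytes = img.extractfile(layer_name).read()
            with tarfile.open(fileobj=io.BytesIO(layer_bytes), mode="r") as layer:
                for member in layer.getmembers():
                    directory, _, base = member.name.rpartition("/")
                    prefix = directory + "/" if directory else ""
                    if base == OPAQUE_WHITEOUT:
                        for path in list(seen):
                            if path.startswith(prefix) and path not in deleted:
                                added, data = seen[path]
                                deleted[path] = (added, idx, data)
                    elif base.startswith(WHITEOUT_PREFIX):
                        target = prefix + base[len(WHITEOUT_PREFIX):]
                        if target in seen:
                            added, data = seen[target]
                            deleted[target] = (added, idx, data)
                    elif member.isfile():
                        seen[member.name] = (idx, layer.extractfile(member).read())
    return deleted


def find_wallets(deleted):
    """Ethereum-style addresses found inside recovered (whited-out) files."""
    hits = {}
    for path, (_, _, data) in deleted.items():
        found = sorted({m.decode() for m in ETH_ADDR_RE.findall(data)})
        if found:
            hits[path] = found
    return hits


if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()
    recovered = recover_deleted_files(image)
    for path, (added, removed, data) in recovered.items():
        print(f"{path}: added in layer {added}, whited out in layer {removed}, {len(data)} bytes")
    for path, addrs in find_wallets(recovered).items():
        print(f"{path}: {', '.join(addrs)}")
```

Run it with no arguments to see the constructed case, or pass the path of a `docker save` archive of the challenge image. Images pulled in OCI layout (`blobs/sha256/...`, gzip-compressed layers) need the layer members decompressed first; the whiteout logic itself is the same.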

Let's Defend - LockBit

Description: You are a Digital Forensics and Incident Response (DFIR) analyst tasked with investigating a ransomware attack that has affected a company's system. The attack has resulted in file encryption, and the attackers are demanding payment for the decryption of the affected files. You have been given a memory dump of the affected system to analyze and provide answers to specific questions related to the attack. Q1: Using a memory dump analysis, can you determine the date and time that the device was infected with the malware?...

April 13, 2023 · 4 min · MMOX