GetPDF Blue Team Challenge

Category : Malware Analysis

4.4

Medium

How many URL path(s) are involved in this incident?

Weight : 50 | Solved : 1393

What is the URL which contains the JS code?

Weight : 100 | Solved : 1372

What is the URL hidden in the JS code?

Weight : 100 | Solved : 1209

What is the MD5 hash of the PDF file contained in the packet?

Weight : 50 | Solved : 1245

How many object(s) are contained inside the PDF file?

Weight : 100 | Solved : 1189

How many filtering schemes are used for the object streams?

Weight : 100 | Solved : 1033

What is the number of the 'object stream' that might contain malicious JS code?

Weight : 100 | Solved : 1034

Analyzing the PDF file. What 'object-streams' contain the JS code responsible for executing the shellcodes? The JS code is divided into two streams. Format: two numbers separated with ','. Put the numbers in ascending order

Weight : 150 | Solved : 790

The JS code responsible for executing the exploit contains shellcodes that drop malicious executable files. What is the full path of malicious executable files after being dropped by the malware on the victim machine?

Weight : 200 | Solved : 655

Q10

The PDF file contains another exploit related to CVE-2010-0188. What is the URL of the malicious executable that the shellcode associated with this exploit drop?

Weight : 200 | Solved : 742

Q11

How many CVEs are included in the PDF file?

Weight : 50 | Solved : 739

Instructions:

unzip the challenge (pass: cyberdefenders.org)

Scenario:

PDF format is the de-facto standard in exchanging documents online. Such popularity, however, has also attracted cyber criminals in spreading malware to unsuspecting users. The ability to generate malicious pdf files to distribute malware is a functionality that has been built into many exploit kits. As users are less cautious about opening PDF files, the malicious PDF file has become quite a successful attack vector.
The network traffic is captured in lala.pcap contains network traffic related to a typical malicious PDF file attack, in which an unsuspecting user opens a compromised web page, which redirects the user’s web browser to a URL of a malicious PDF file. As the PDF plug-in of the browser opens the PDF, the unpatched version of Adobe Acrobat Reader is exploited and, as a result, downloads and silently installs malware on the user’s machine.

As a soc analyst, analyze the PDF and answer the questions.

Supportive resources:

Helpful Tools:

Stuck? Don't worry

We've got you covered! 🛠️ Head over to the community lab channel for guidance #getpdf channel

SHA1SUM:

81b99e0094edde5de6cec7d9f5cd391d9eca3eb2
Password:

cyberdefenders.org
Size:

30 KB
Published:

Feb. 12, 2022, midnight

First blood

0xSh3rl0ck

595 days ago

Last solve

kimuragorgon

1 day ago

GetPDF Blue Team Challenge

Category : Malware Analysis

cve

exploit

macro

PDF

Scenario:

Supportive resources: