These notes are mirrored from Zach Riggle's gist summarizing the fun from this challenge.
Just a small present which was in one of the SecuInside Finals challenge binaries. The source appears to be that a South Korean government mail server was hacked, and challenge binaries being sent by the organizers went over it, and were thus infected themselves.
It doesn't look like it was active or invoked from anywhere, but then I didn't look too hard either. All it does is grab /etc/passwd and shuttle it off to some AWS node.
There's a really cool story behind this incident, involving the South Korean government arresting CTF players, which you can hear about here: https://www.youtube.com/watch?v=Jnh8PK9iQco
Name | Last modified | Size | Description
---|---|---|---
Parent Directory | | - |
19cd983d58eef2e5c7881ae8407e76d6_pw_infected.zip | 2014-07-30 15:14 | 4.8K |
decode.py | 2015-09-22 22:07 | 3.9K |
payload | 2015-09-22 22:12 | 208 |