Challenge: Kryptic Ransomware

You know what he likes. Maybe he does something similar?

This challenge is borked in my opinion. Foothold data should be publicly accessible without need to register on some more-or-less shady websites (that are not free btw).

Nudges pls.
Edit:
Got the flag thanks to @sh4d0wless @sparrow1. I was really in a deep rabbit hole and overthinking it.
My advice is: don’t forget it’s an OSINT, don’t go too deep.

Got to the L**** f***. Stuck now. I can’t seem to find any new direction.
Could anybody PM me with a nudge?

I don’t get it.
Found the p********* mail address of the leader and via this address his t***** account. Found the event that he liked/visited, but the Google Maps coordinates of the place where the event was held didn’t work. Even the location of a following date of this event isn’t working.

Yeah, I think I need a hint as well. It feels like I’m super close, I just don’t have the exact right coordinates. OR, I took a wrong turn awhile back.
Edit: Never mind, some time away, and I’m back on track.

I’m in t*****r but I don’t see the next step. A nudge would be appreciated. Thanks.

I got it!!! Thanks a lot to @MountainMan, @Sparrow1, @ZloyObezyan, @Hellburpp!!! Obstinacy in a path is no good.

Guys, I need help determining the location of this impudent guy.

There is data on his gmail and protonmail.com mails by gmail mail, it seems, I did not find anything what to do hmmm

Ok so I solved this using hints on the forum + some googling to find the link between domain and the registrant email, but can someone help me with how they get the initial p********* email without w****, as that seems to not work anymore.

The field that should have the info is now:

Registrant Email: Select Contact Domain Holder…

A DM with how to do it without w**** would be really appreciated, because I feel the way I got it isn’t really applicable in the majority of cases.

Completed!

All in all not a huge fan of this one since the initial “lead” is hard to come by. Huge shoutout to @SuperVish for some help getting me out of rabbit holes.

If you can find the T****** you are on the right track, and as @ElleuchX1 said, don’t forget it’s an OSINT challenge. Keep the original goal/challenge prompt in the back of your head as you look at things.

~ Feel free to PM me if you need a nudge

Found 127.0.0.1. Got the coordinates from the post metadata using ****tool and looked that up on Maps to get decimal format. When I enter the coordinates I get “none was found at that location”, so I’m pretty sure I’ve got the right format for the key.

I’ve tried the process of looking up the decimal coordinates and submitting both in Firefox and Chromium, just in case. I’ve tried alternative tools to extract the coordinates.

Unless I’m looking for a different location, I assume there’s some sort of error (rounding in the GPS extraction/conversion?) at play.

My hint for this is to take note on the zeus of how many decimal places it is expecting and ensure you give it what it wants.
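An added example, not part of any post in this thread: converting EXIF-style GPS rationals to decimal degrees with a fixed number of decimal places, showing that rounding and truncation can disagree in the last digit. The tag values are constructed sample data and the function names are hypothetical.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP
from fractions import Fraction

# Constructed sample: EXIF-style GPS tags, each component a (numerator, denominator) rational.
SAMPLE = {
    "GPSLatitude": ((48, 1), (51, 1), (2999, 100)),
    "GPSLatitudeRef": "N",
    "GPSLongitude": ((2, 1), (17, 1), (4001, 100)),
    "GPSLongitudeRef": "W",
}

def dms_to_fraction(dms, ref):
    """Exact decimal degrees from (deg, min, sec) rationals; S and W are negative."""
    deg, minute, sec = (Fraction(n, d) for n, d in dms)
    if not (0 <= minute < 60 and 0 <= sec < 60):
        raise ValueError("minutes/seconds out of range")
    value = deg + minute / 60 + sec / 3600
    return -value if ref.upper() in ("S", "W") else value

def fmt(value, places, rounding=ROUND_HALF_UP):
    """Render with a fixed number of decimal places and an explicit rounding mode."""
    # The default Decimal context keeps 28 significant digits, far more than a GPS tag carries.
    exact = Decimal(value.numerator) / Decimal(value.denominator)
    return str(exact.quantize(Decimal(1).scaleb(-places), rounding=rounding))

def candidates(tags, places):
    """Rounded and truncated renderings; they differ when the first dropped digit is >= 5."""
    lat = dms_to_fraction(tags["GPSLatitude"], tags["GPSLatitudeRef"])
    lon = dms_to_fraction(tags["GPSLongitude"], tags["GPSLongitudeRef"])
    return {
        "rounded": (fmt(lat, places), fmt(lon, places)),
        "truncated": (fmt(lat, places, ROUND_DOWN), fmt(lon, places, ROUND_DOWN)),
    }

if __name__ == "__main__":
    for places in (4, 6):
        print(places, candidates(SAMPLE, places))
```

If a converter and a form disagree, comparing both renderings at the expected precision shows whether the last digit is the cause.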

I could use a push in the right direction here.

I’ve gleaned off this thread that there’s supposed to be a p********* email you get from a w**** lookup of the url you can find in the provided files. Some people in here are talking about that step being broken, and I think it may be again, as a w**** doesn’t return any useful information.

Would someone mind PMing me how to get that email if this is the case? If not, a nudge on where I’m off course, please. Haven’t been able to find anything with just the domain and keywords in the zip.

Thanks!

Solved!
At first I thought it was broken. Important: use the correct converter ._.

Whois data has been redacted by Namecheap, and by what I read here it shouldn’t be.

So is the challenge still up? I cannot see anything useful in the w**** compared to what people are commenting here. I am stuck at the foothold…

Is this challenge still possible to complete? I have found the Twitter user, but I am unsure how to continue with this challenge.

@davisf said:
Is this challenge still possible to complete? I have found the Twitter user, but I am unsure how to continue with this challenge.

Would also love to complete this challenge. Grateful for any nudges.

Hello everyone, does somebody here know how to remove the (STAX ransomware) .stax files?