Scenario

A blockchain development company detected unusual activity when an employee was redirected to an unfamiliar website while accessing a DAO management platform. Soon after, multiple cryptocurrency wallets linked to the organization were drained. Investigators suspect a malicious tool was used to steal credentials and exfiltrate funds.

Your task is to analyze the provided intelligence to uncover the attack methods, identify indicators of compromise, and track the threat actor’s infrastructure.

**https://cyberdefenders.org/blueteam-ctf-challenges/tusk-infostealer/**

The file hash provided with the challenge: 523d4eb71af86090d2d8a6766315a027fdec842041d668971bfbbbd1fe826722


1- In KB, what is the size of the malicious file?

921.36

Searching the hash on VirusTotal and looking in the Details tab shows the file size.
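The same lookup done against VirusTotal's v3 API, as an added example that is not part of the original walkthrough. It assumes an API key in the `VT_API_KEY` environment variable; the byte count and filename in the constructed sample response are made up to show the KB conversion, not VirusTotal's real figures.

```python
"""Look up the challenge hash in VirusTotal's v3 API and report the fields
the Details tab shows for question 1 (size, detections, seen filenames).
Assumes VT_API_KEY in the environment; falls back to a constructed report."""
import json
import os
import urllib.request

SAMPLE_HASH = "523d4eb71af86090d2d8a6766315a027fdec842041d668971bfbbbd1fe826722"
VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"

# Constructed stand-in for a v3 file object (only the fields used below).
CONSTRUCTED_REPORT = {
    "data": {
        "attributes": {
            "sha256": SAMPLE_HASH,
            "size": 943473,  # constructed value, not the real byte count
            "names": ["sample-constructed.exe"],  # constructed value
            "last_analysis_stats": {"malicious": 2, "suspicious": 0,
                                    "undetected": 2, "harmless": 0},
        }
    }
}


def fetch_file_report(file_hash: str, api_key: str) -> dict:
    """GET /api/v3/files/{hash} with the x-apikey header; returns decoded JSON."""
    req = urllib.request.Request(VT_FILES_URL + file_hash,
                                 headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def summarize(report: dict) -> dict:
    """Extract size (bytes and KB), detection ratio and seen filenames.
    KB uses 1024 bytes here, assumed to match VirusTotal's display."""
    attrs = report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    return {
        "sha256": attrs.get("sha256"),
        "size_bytes": attrs["size"],
        "size_kb": round(attrs["size"] / 1024, 2),
        "detections": f"{flagged}/{sum(stats.values())}",
        "names": attrs.get("names", [])[:5],
    }


if __name__ == "__main__":
    key = os.environ.get("VT_API_KEY")
    report = fetch_file_report(SAMPLE_HASH, key) if key else CONSTRUCTED_REPORT
    print(json.dumps(summarize(report), indent=2))
```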

2- What word do the threat actors use in log messages to describe their victims, based on the name of an ancient hunted creature?

Mammoth

Searching by the hash, I looked through the linked reports and found the answer in this one:

https://securelist.com/tusk-infostealers-campaign/113367/

3- The threat actor set up a malicious website to mimic a platform designed for creating and managing decentralized autonomous organizations (DAOs) on the MultiversX blockchain (peerme.io). What is the name of the malicious website the attacker created to simulate this platform?

tidyme.io

The answer is in the same report (as are the other answers).