Forum Discussion
Bronze IIIGOOTLOADER Downloader: Analysis
Hello - I've got all the answers apart from one (usual story with IL isn't it...)
5 What is the name of the domain that contains the obfuscated code
I've managed to extract three domain names using the mandiant python scripts but unable to determine {filename.php} from these - how can I get this last stage?
I have these candidates from this code...
((cant post code due to html error))
ww.lukeamiller.netslashtest.php
www.luckies.ccslashtest.php
www.ludovicmarque.frslashtest.php
Hey GusC ๐๐ป
Thank you for posting, I'm sorry for the delay in getting back to you.
I discussed this with one of my colleagues, who got back to me to share that for this task, you will need to run a decoder against the Underscore.js file, to find the domain and file name.
This should help you to locate the required answer needed to solve the task.
I hope this information helps ๐.
Kindest regards,
Chris
2 Replies
- ChrisKershaw
Community Support
Hey GusC ๐๐ป
Thank you for posting, I'm sorry for the delay in getting back to you.
I discussed this with one of my colleagues, who got back to me to share that for this task, you will need to run a decoder against the Underscore.js file, to find the domain and file name.
This should help you to locate the required answer needed to solve the task.
I hope this information helps ๐.
Kindest regards,
Chris
GusCHi Chris - yes that's perfect - I was simply looking at the wrong file!
Points collected and banked now - cheers - Gus
