MISP — Malware Information Sharing Platform TryHackme Walkthrough
This write-up covers the MISP Room on TryHackMe.
Learning Path(s): Cyber Defense, SOC Level 1
Module: Threat & Vulnerability Management, Cyber Threat Intelligence
Skill: Malware Research and Detection Tool, Threat Intelligence
MISP (Malware Information Sharing Platform) is an open-source platform for sharing structured threat information among security analysts, malware researchers, incident responders and similar teams.
MISP is particularly useful for the following use cases:
- Malware Reverse Engineering: Sharing of malware indicators to understand how different malware families function.
- Security Investigations: Searching, validating and using indicators in investigating security breaches.
- Intelligence Analysis: Gathering information about adversary groups and their capabilities.
- Law Enforcement: Using indicators to support forensic investigations.
- Risk Analysis: Researching new threats, their likelihood and occurrences.
- Fraud Analysis: Sharing of financial indicators to detect financial fraud.
Room Questions
Setting up: Start the TryHackMe VM and either use the in-browser machine or connect to THM's network via OpenVPN.
5.1 What event ID has been assigned to the PupyRAT event?
- Go to Home and click on List Events. In the filter search box, type PupyRAT; the event ID is shown in the leftmost column of the matching row.
5.2 The event is associated with the adversary gaining ______ into organizations.
- Look at the tags attached to the event (shown under the event header) to find the answer.
5.3 What IP address has been mapped as the PupyRAT C2 Server?
- Scroll down to the event's attribute list and look for the attribute of type ip-dst; its value is the C2 server.
5.4 From the Intrusion Set Galaxy, what attack group is known to use this form of attack?
- No specific steps provided.
5.5 There is a taxonomy tag set with a Certainty level of 50. Which one is it?
- Click on Event Actions -> List Taxonomies and search for certainty; compare the numerical values of the listed tags.
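The same lookups the room walks through in the web UI (event ID, ip-dst C2 attribute, galaxy cluster, taxonomy tag by numerical value) can be done programmatically against a MISP event export. The following is an added example, not code from the room or from the MISP project: it parses a constructed event in MISP's JSON layout (placeholder IDs, IPs and tag names, not the room's answers) and assumes a made-up taxonomy table in place of the numerical values a real taxonomy defines.

```python
import json

# Constructed sample in MISP's event JSON layout. Every value is a placeholder
# (RFC 5737 addresses, a fake event id and a made-up taxonomy), not room data.
SAMPLE_EVENT_JSON = json.dumps({
    "Event": {
        "id": "999",
        "info": "PLACEHOLDER RAT campaign",
        "Tag": [
            {"name": 'misp-galaxy:mitre-intrusion-set="PLACEHOLDER-GROUP"'},
            {"name": 'example-taxonomy:certainty="medium"'},
        ],
        "Attribute": [
            {"type": "ip-dst", "category": "Network activity",
             "value": "192.0.2.10", "to_ids": True, "comment": "C2 server"},
            {"type": "domain", "category": "Network activity",
             "value": "c2.example.invalid", "to_ids": True},
            {"type": "ip-src", "category": "Network activity",
             "value": "198.51.100.5", "to_ids": False},
        ],
    }
})

# Constructed stand-in for the numerical_value field MISP taxonomies carry.
TAXONOMY_NUMERIC = {
    'example-taxonomy:certainty="low"': 25,
    'example-taxonomy:certainty="medium"': 50,
    'example-taxonomy:certainty="high"': 75,
}

def load_event(raw):
    """Unwrap the top-level "Event" object of a MISP JSON export."""
    return json.loads(raw)["Event"]

def c2_candidates(event):
    """ip-dst attributes flagged to_ids, i.e. meant for detection use."""
    return [a["value"] for a in event.get("Attribute", [])
            if a.get("type") == "ip-dst" and a.get("to_ids")]

def tags_with_value(event, numeric_value, numeric_table):
    """Tags whose taxonomy numerical value matches (e.g. certainty 50)."""
    return [t["name"] for t in event.get("Tag", [])
            if numeric_table.get(t["name"]) == numeric_value]

def galaxy_clusters(event, galaxy="mitre-intrusion-set"):
    """Cluster names from misp-galaxy tags, e.g. the intrusion set."""
    prefix = f'misp-galaxy:{galaxy}="'
    return [t["name"][len(prefix):-1] for t in event.get("Tag", [])
            if t["name"].startswith(prefix) and t["name"].endswith('"')]
```

Against a live instance the same fields come back from the MISP REST API (or PyMISP) with the identical "Event" layout, so these helpers apply unchanged.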