The Dutch Hacker

MISP on Tryhackme

This is the write-up for the room MISP on TryHackMe; it is part of the TryHackMe Cyber Defense path.

Connect to the TryHackMe lab environment through the VPN or use the AttackBox on the TryHackMe site.


Task 1

Read all that is in this task and press complete

Task 2

Read all that is in this task and press complete.

MISP is effectively useful for the following use cases:

  • Malware Reverse Engineering: Sharing of malware indicators to understand how different malware families function.
  • Security Investigations: Searching, validating and using indicators in investigating security breaches.
  • Intelligence Analysis: Gathering information about adversary groups and their capabilities.
  • Law Enforcement: Using indicators to support forensic investigations.
  • Risk Analysis: Researching new threats, their likelihood and occurrences.
  • Fraud Analysis: Sharing of financial indicators to detect financial fraud.

Task 3

Start the machine attached to this task. Once started, use the credentials provided to log in to the Analyst account.

Add a new event as described in this task. The "Populate from" option was not working on my box, but it was not a show stopper; just continue.

3.1 How many distribution options does MISP provide to share threat information?

Answer: 4

3.2 Which user has the role to publish events?

Answer: organisation admin

Task 4

Read all that is in this task and press complete.

Task 5

5.1 What event ID has been assigned to the PupyRAT event?

Go to Home and click List Events. In the filter search box, type PupyRat.

Answer: 1146

5.2 The event is associated with the adversary gaining ______ into organisations.

Look at the tags to find the answer.

Answer: Remote Access

5.3 What IP address has been mapped as the PupyRAT C2 server?

Scroll down in the event and look for the ip-dst attribute.


5.4 From the Intrusion Set Galaxy, what attack group is known to use this form of attack?

Answer: Magic Hound

5.5 There is a taxonomy tag set with a Certainty level of 50. Which one is it?

Click Event Actions -> List Taxonomies -> search for certainty.

Answer: OSINT
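The five questions in Task 5 are all lookups against the structure of a MISP event: the info field, the attribute list (ip-dst), the event tags (taxonomy tags such as the certainty level) and the attached galaxy clusters (Intrusion Set). The script below is an added example, not code from TryHackMe or from the MISP project, that answers the same kinds of questions against a MISP JSON export instead of the web UI. The sample export is constructed to mirror the shape of a MISP restSearch response; the event id and the PupyRAT / Magic Hound / OSINT values come from the room, while the ip-dst value is a documentation-range placeholder because the room's actual answer is not given here, and the other tags and attributes are invented for illustration.

```python
import json
import re

# Constructed sample modelled on the shape of a MISP /events/restSearch response.
# Assumption: this is NOT a real export from the TryHackMe room. 192.0.2.10 is a
# placeholder from the documentation range, not the room's C2 answer.
SAMPLE_EXPORT = json.dumps({
    "response": [
        {"Event": {
            "id": "1146",
            "info": "PupyRAT C2 infrastructure (constructed sample)",
            "Tag": [
                {"name": "tlp:white"},
                {"name": "osint:certainty=\"50\""},
                {"name": "misp-galaxy:tool=\"Pupy\""},
            ],
            "Attribute": [
                {"type": "ip-dst", "category": "Network activity",
                 "value": "192.0.2.10", "to_ids": True, "comment": "C2 server"},
                {"type": "domain", "category": "Network activity",
                 "value": "example.invalid", "to_ids": False},
                {"type": "text", "category": "Other",
                 "value": "Remote Access tool", "to_ids": False},
            ],
            "Galaxy": [
                {"name": "Intrusion Set", "type": "mitre-intrusion-set",
                 "GalaxyCluster": [{"value": "Magic Hound"}]},
            ],
        }},
        {"Event": {"id": "1147", "info": "Unrelated phishing wave (constructed)",
                   "Tag": [], "Attribute": [], "Galaxy": []}},
    ]
})

# MISP taxonomy tags look like  namespace:predicate="value"  or  namespace:predicate
TAG_RE = re.compile(r'^(?P<ns>[^:]+):(?P<pred>[^=]+)(?:="?(?P<val>[^"]*)"?)?$')


def load_events(export_json):
    """Unwrap the list of Event objects from a restSearch-style response."""
    return [item["Event"] for item in json.loads(export_json)["response"]]


def find_event_ids(events, needle):
    """Q5.1 style: event ids whose info field contains `needle` (case-insensitive)."""
    needle = needle.lower()
    return [e["id"] for e in events if needle in e.get("info", "").lower()]


def parse_tag(name):
    """Split a tag name into (namespace, predicate, value); value is None if absent."""
    m = TAG_RE.match(name)
    if not m:
        return None
    return m.group("ns"), m.group("pred"), m.group("val")


def attribute_values(event, attr_type, ids_only=False):
    """Q5.3 style: values of all attributes of a given type (e.g. ip-dst).

    With ids_only=True only attributes flagged to_ids are returned; that is the
    subset a defender would push to IDS/SIEM, since to_ids=False attributes are
    context rather than detection-grade indicators.
    """
    return [a["value"] for a in event.get("Attribute", [])
            if a["type"] == attr_type and (a.get("to_ids") or not ids_only)]


def tags_with_predicate(event, predicate, value):
    """Q5.5 style: taxonomy namespaces whose tag has predicate == value (e.g. certainty 50)."""
    hits = []
    for tag in event.get("Tag", []):
        parsed = parse_tag(tag["name"])
        if parsed and parsed[1] == predicate and parsed[2] == value:
            hits.append(parsed[0])
    return hits


def galaxy_clusters(event, galaxy_type):
    """Q5.4 style: cluster names attached from a galaxy of the given type."""
    return [c["value"]
            for g in event.get("Galaxy", []) if g.get("type") == galaxy_type
            for c in g.get("GalaxyCluster", [])]


if __name__ == "__main__":
    events = load_events(SAMPLE_EXPORT)
    (event_id,) = find_event_ids(events, "pupyrat")
    event = next(e for e in events if e["id"] == event_id)
    print("event id:", event_id)
    print("C2 (ip-dst, to_ids only):", attribute_values(event, "ip-dst", ids_only=True))
    print("intrusion set:", galaxy_clusters(event, "mitre-intrusion-set"))
    print("taxonomies with certainty 50:", tags_with_predicate(event, "certainty", "50"))
```

The tag parser is the part worth keeping: MISP encodes the certainty level the room asks about as a taxonomy tag (`osint:certainty="50"`), so filtering on the predicate and value is how you would find every event a feed has marked at a given confidence before deciding whether its indicators belong in a blocklist.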

Task 6

Read all that is in this task and press complete
