This is a walk-through of another TryHackMe room, named Threat Intelligence. It can be found here:
This lab walks a SOC analyst through the steps they would take to assist in breach mitigation and to identify important data in a Threat Intelligence report. Although the room's answers mostly come from searching and reading the linked articles, it teaches a few very good concepts from a SOC analyst's point of view and for cyber security in general. They are:
- Red Team Tools
- Advanced Persistent Threat(APT)
- IoT (Internet of Things)
- Zero-Day Exploit
- Blue Team
Details of these terms are in the room.
Supply Chain Attack
A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply chain.
The focus of this lab is a recent, highly evasive attack that leveraged the SolarWinds supply chain to compromise multiple global victims with the SUNBURST backdoor. The attack was detected and publicly reported by FireEye in December 2020. Ironically, in the same month FireEye disclosed that it had itself been breached and that its own Red Team tools had been stolen.
[Task 3] Analyze Threat Intelligence
It's time to answer the questions asked. Most of the answers come from this link, unless another link is specified in the answers below:
After reading the report what did FireEye name the APT?
The Executive Summary section of the report gives the APT name: UNC2452
FireEye released some information to help security organizations' Blue Teams detect the tools which have been leaked. What 'multiple languages' can you find the rules in? [Ans Format: *****|****|***|****** ]
From the FireEye red-team-tool countermeasures GitHub page (the repository provides detection signatures in these four formats): Snort|Yara|IOC|ClamAV