THREAT INTELLIGENCE -TryHackMe

0xsanz
4 min readMar 4, 2021

This is a walk-through of another TryHackMe room, named Threat Intelligence. It can be found here:

https://tryhackme.com/room/threatintelligence

Description

This lab walks a SOC analyst through the steps they would take to assist in breach mitigation and to identify the important data in a threat intelligence report. Although the room's answers mostly come from searching and reading the linked articles, it introduces a few very useful concepts from a SOC analyst's point of view and for cyber security in general. They are:

  • Red Team Tools
  • Advanced Persistent Threat(APT)
  • IoT (Internet of Things)
  • Zero-Day Exploit
  • Blue Team

Details of these terms are in the room.

Supply Chain Attack

From Wikipedia:
A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply chain.

The focus of this lab is a recent, highly evasive attack that leveraged the SolarWinds supply chain to compromise multiple global victims with the SUNBURST backdoor: the attackers trojanized updates to SolarWinds' Orion platform, so victims received the backdoor through what looked like a legitimate, vendor-signed software update. The attack was detected by the security company FireEye in December 2020. Ironically, in the same month FireEye itself was hacked and its own Red Team tools were stolen.

[Task 3] Analyze Threat Intelligence

It's time to answer the questions. Most of the answers come from the following FireEye blog post, unless another source is specified in the answer:

https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html

After reading the report what did FireEye name the APT?

The Executive Summary section gives the APT name: UNC2452

FireEye released some information to help security organizations Blue Team to detect the tools which have been leaked. What ‘multiple languages’ can you find the rules? [Ans Format: *****|****|***|****** ]

From FireEye's GitHub repository of red team tool countermeasures: Snort|Yara|IOC|ClamAV. Note that "languages" here means detection rule formats (Snort network signatures, YARA file-content rules, IOC files and ClamAV antivirus signatures), not programming languages.


Software developer with a keen interest in security, privacy and pen-testing. Certs: Security+, PenTest+, AZ-900, AZ-204