This post is a walkthrough of the Red Team Threat Intel room. I will be using the AttackBox browser VM to complete this room. Answers are bolded following the questions. Tasks/questions with no answer simply have a –. Information in parentheses following an answer is a hint explaining how I found it.
https://tryhackme.com/room/redteamthreatintel
Task 1: Introduction
- Read the above and continue to the next task.
–
Task 2: What is Threat Intelligence
- Read the above and continue to the next task.
–
Task 3: Applying Threat Intel to the Red Team
- Read the above and continue to the next task.
–
Task 4: The TIBER-EU Framework
- Read the above and continue to the next task.
–
Task 5: TTP Mapping
- Read the above and use MITRE ATT&CK Navigator to answer the questions below using a Carbanak layer.
–
- How many Command and Control techniques are employed by Carbanak?
2
- What signed binary did Carbanak use for defense evasion?
rundll32
- What Initial Access technique is employed by Carbanak?
valid accounts
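The counting done by hand in Navigator for Task 5 (how many techniques a group has under a given tactic) can be reproduced from an exported layer file. This is an added example, not part of the room or the original post; the layer below is a constructed sample in the shape of a Navigator export, using real ATT&CK technique IDs but not the actual Carbanak layer.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of an ATT&CK Navigator layer export. The
# technique IDs are real ATT&CK IDs, but the selection is illustrative and
# is not the real Carbanak group layer.
SAMPLE_LAYER = json.dumps({
    "name": "sample group layer (constructed)",
    "domain": "enterprise-attack",
    "techniques": [
        {"techniqueID": "T1078", "tactic": "initial-access", "score": 1, "comment": "Valid Accounts"},
        {"techniqueID": "T1078", "tactic": "persistence", "score": 1, "comment": "Valid Accounts"},
        {"techniqueID": "T1078", "tactic": "defense-evasion", "score": 1, "comment": "Valid Accounts"},
        {"techniqueID": "T1218.011", "tactic": "defense-evasion", "score": 1, "comment": "Rundll32"},
        {"techniqueID": "T1071.001", "tactic": "command-and-control", "score": 1, "comment": "Web Protocols"},
        {"techniqueID": "T1105", "tactic": "command-and-control", "score": 1, "comment": "Ingress Tool Transfer"},
        {"techniqueID": "T1105", "tactic": "command-and-control", "score": 1, "comment": "duplicate entry"},
        {"techniqueID": "T1095", "tactic": "command-and-control", "score": 0, "comment": "not used by this group"},
    ],
})


def techniques_by_tactic(layer_json: str) -> dict:
    """Return {tactic: sorted technique IDs} for techniques scored above zero.

    Handles two quirks of real layer exports: a technique that spans several
    tactics (e.g. Valid Accounts) appears once per tactic, and an ID can be
    listed twice under one tactic, so entries are de-duplicated per tactic.
    Entries with score 0 or enabled == False are not counted as used.
    """
    layer = json.loads(layer_json)
    mapping = defaultdict(set)
    for entry in layer.get("techniques", []):
        if entry.get("score", 0) > 0 and entry.get("enabled", True):
            mapping[entry["tactic"]].add(entry["techniqueID"])
    return {tactic: sorted(ids) for tactic, ids in mapping.items()}


def count_for_tactic(layer_json: str, tactic: str) -> int:
    """Number of distinct used techniques under one tactic (0 if none)."""
    return len(techniques_by_tactic(layer_json).get(tactic, []))


if __name__ == "__main__":
    for tactic, ids in sorted(techniques_by_tactic(SAMPLE_LAYER).items()):
        print(f"{tactic}: {len(ids)} -> {', '.join(ids)}")
```

To apply it to the real room data, export the Carbanak layer from Navigator as JSON and pass its contents in place of the constructed sample.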
Task 6: Other Red Team Applications of CTI
- Read the above and continue to the next task.
–
Task 7: Creating a Threat Intel Driven Campaign
- Once the chain is complete and you have received the flag, submit it below.
THM{7HR347_1N73L_12_4w35om3}
- What web shell is APT 41 known to use?
ASPXSpy (https://attack.mitre.org/groups/G0096/)
- What LOLBAS (Living Off The Land Binaries and Scripts) tool does APT 41 use to aid in file transfers?
certutil
- What tool does APT 41 use to mine and monitor SMS traffic?
MESSAGETAP
Task 8: Conclusion
- Read the above and continue learning!
–