TryHackMe: OpenCTI Writeup - Aleyna Doğan

TryHackMe: OpenCTI Writeup

The room: “Provide an understanding of the OpenCTI Project”

https://tryhackme.com/room/opencti

Task 4: OpenCTI Dashboard 1

4.1. What is the name of the group that uses the 4H RAT malware?

Putter Panda

4.2. What kill-chain phase is linked with the Command-Line Interface Attack Pattern?

execution-ics

4.3. Within the Activities category, which tab would house the Indicators?

observations

Task 5: OpenCTI Dashboard 2

5.1. What Intrusion sets are associated with the Cobalt Strike malware with a Good confidence level? (Intrusion1, Intrusion2)

CopyKittens, FIN7

5.2. Who is the author of the entity?

The MITRE Corporation

Task 6: Investigative Scenario

6.1. What is the earliest date recorded related to CaddyWiper? Format: YYYY/MM/DD

2022/03/15

6.2. Which Attack technique is used by the malware for execution?

Native API

6.3. How many malware relations are linked to this Attack technique?

113

6.4. Which 3 tools were used by the Attack Technique in 2016? (Ans: Tool1, Tool2, Tool3)

BloodHound, Empire, ShimRatReporter

6.5. What country is APT37 associated with?

North Korean

6.6. Which Attack techniques are used by the group for initial access? (Ans: Technique1, Technique2)

T1189, T1566
