Pyramid Of Pain
Analyse the report associated with the hash "b8ef959a9176aef07fdca8705254a163b50b49a17217a4ff0107487f59d4a35d" here. What is the filename of the sample?
Sales_Receipt 5606.xls
What IP address does the malicious process (PID 1632) attempt to communicate with?
50.87.136.52
What is the domain name this malicious process ((PID 1632) attempts to communicate with?
craftingalegacy.com
Go to this report on app.any.run and provide the first malicious URL request you are seeing, you will be using this report to answer the remaining questions of this task.
craftingalegacy.com
What term refers to an address used to access websites?
Domain Name
What type of attack uses Unicode characters in the domain name to imitate the a known domain?
Punycode attack
Provide the redirected website for the shortened URL using a preview: https://tinyurl.com/bw7t8p4u
A process named regidle.exe makes a POST request to an IP address on port 8080. What is the IP address?
96.126.101.6
The actor drops a malicious executable (EXE). What is the name of this executable?
G_jugk.exe
Look at this report by Virustotal. How many vendors determine this host to be malicious?
9
What browser uses the User-Agent string shown in the screenshot above?
Internet Explorer
How many POST requests are in the screenshot from the pcap file?
6
Provide the method used to determine similarity between the files
Fuzzy Hashing
Provide the alternative name for fuzzy hashes without the abbreviation
context triggered piecewise hashes
Navigate to ATT&CK Matrix webpage. How many techniques fall under the Exfiltration category?
9
Chimera is a China-based hacking group that has been active since 2018. What is the name of the commercial, remote access tool they use for C2 beacons and data exfiltration?
Cobalt Strike