
Task 1 Room Overview

Task 2 MISP Introduction: Features & Terminologies

Task 3 Using the System
How many distribution options does MISP provide to share threat information?
We can see there are 4 options for sharing with different communities.
Which user has the role to publish events?
From the reading, we can see that the organisation admin has the ability to publish events.

Task 4 Feeds & Taxonomies

Task 5 Scenario Event
What event ID has been assigned to the PupyRAT event?
While in MISP, we can search for Pupy and see that the event ID is 1146.
The event is associated with the adversary gaining ______ into organisations.
The hint asks what RAT stands for, so we can assume it's gaining remote access.
What IP address has been mapped as the PupyRAT C2 Server?
If we search the attributes for the event ID, we can see the C2 server is 89.107.62.39.
From the Intrusion Set Galaxy, what attack group is known to use this form of attack?
Looking at the Galaxies, we can see Magic Hound is the group that is known to use Pupy.
There is a taxonomy tag set with a Certainty level of 50. Which one is it?
In the tags, we can see the tag osint:certainty=50.

Task 6 Conclusion
