Question 1: Only blue teamers will use the ATT&CK Matrix? (Yay/Nay)


Question 2: we need to head over to

*Keep in mind that the question says to start your research on the Phishing page.


Question 3: The answer is found under the Mitigations section on the Phishing page.


Question 4: The answer can be found under the Detection section of this same page.


Question 5: The answer is located near the top of the same page.


Question 6: Click on the Groups link to learn more about them; the information is located under Associated Group Descriptions.


Question 7: The answer is located under the Software section.


Question 8: When we click the hyperlink for PsExec, we are led to a page about the tool and who has been known to use it, which will help us answer this question.


Question 9: Click on the FIN5 Group hyperlink to be taken to their page to find the next answers


Question 10: This is located under the Software section, where we learn that the Windows Credential Editor is used by FIN5.


And here is our TASK 3 Recap


Task 4

Question 1: Splunk search is pseudo


Question 2: Head to and click on the search icon on the top right and enter TA0003. If we click on the first link, we are then taken to what type of tactic this is.


Question 3: Head to and I searched for Zeek


Question 4: Head to and I searched for hash (only 3 results)


Question 5: There is a section for Test Cases located on the same page

TASK 4 Recap



Question 1 & 2: We need to go to > Matrix > this lists all the techniques, and we see that Detect has the most.


Question 3: A quick search from the search bar shows that DTE0011 is Decoy Content >


Question 4: This involves continuing your search from DTE0011.


Question 5: > Get here by using the navigation bar and clicking ATT&CK Mapping > Overview; a few lines down there is a hyperlink for the complete mapping.


Task 5 Recap



Question 1: Click the APT3 hyperlink they provided in the room to find this answer


Question 2: This can be located via > Phase 2 > Persistence | utilize the table of contents to find this easily!


Question 3: This can be found by reading the First Scenario section via 


Question 4: This can be found by reading the Second Scenario section via 

Task 6 Recap



Question 1 & 2: We need to head back to MITRE and use the navigation bar to search Groups (or here is a link). A search on the page for Aviation reveals that APT33 is the group that may target us in this scenario.

Question 3: Go to the APT33 Group page > scroll to software


Question 4: If we take a look at the techniques they use, under T1078.004 we find the information below to help us find this answer.


Question 5: Further on this page we have a Detection writeup that we can use.


Question 6: On the top right of the page we will find the ID information to finish up this room!

Task 7 Recap


