Tryhackme - Threat Intelligence Tools

In this walkthrough, we will be going through the Threat Intelligence Tools room from Tryhackme. In this room, we will explore different OSINT tools used to conduct security threat assessments and investigations. So, let’s get started without any delay.

Task 1 – Room Outline

Task 2 – Threat Intelligence

Question 1 – I’ve read on Threat Intel and the classifications

Done

Task 3 – UrlScan.io

Question 1 – What is TryHackMe’s Cisco Umbrella Rank?

345612

Question 2 – How many domains did UrlScan.io identify?

13

Question 3 – What is the main domain registrar listed?

Namecheap Inc

Question 4 – What is the main IP address identified?

2606:4700:10::ac43:1b0a

Task 4 – Abuse.ch

Question 1 – The IOC 212.192.246.30:5555 is linked to which malware alias on ThreatFox?

Browse Database

Database Entry

Katana

Question 2 – Which malware is associated with the JA3 Fingerprint 51c64c77e60f3980eea90869b68c58a8 on SSL Blacklist?

SSL Blacklist

Dridex

Question 3 – From the statistics page on URLHaus, what malware-hosting network has the ASN number AS14061?

ASN report

DIGITALOCEAN-ASN

Task 5 – PhishTool

Question 1 – What organisation is the attacker trying to pose as in the email?

Linkedin

Question 2 – What is the sender’s email address?

Sender's email address

[email protected]

Question 3 – What is the recipient’s email address?

[email protected]

Question 4 – What is the Originating IP address? Defang the IP address.

Originating IP address

204[.]93[.]183[.]11

Question 5 – How many hops did the email go through to get to the recipient?

4

Task 6 – Cisco Talos Intelligence

Question 1 – What is the listed domain of the IP address from the previous task?

Location Data

scnet.net

Question 2 – What is the customer name of the IP address?

AbuseIPDB

Complete Web Reviews

Task 7 – Scenario 1

Question 1 – According to Email2.eml, what is the recipient’s email address?

[email protected]

Question 2 – From Talos Intelligence, the attached file can also be identified by the Detection Alias that starts with an H…

sha256sum Proforma

Talos File Reputation

Associated Domains

HIDDENEXT/Worm.Gen

Task 8 – Scenario 2

Question 1 – What is the name of the attachment on Email3.eml?

Sales_Receipt.xls

Sales_Receipt 5606.xls

Question 2 – What malware family is associated with the attachment on Email3.eml?

sha256sum Sales_Receipt

Associated Domains

Dridex

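The email checks in Task 5 (originating IP, defanging, counting hops) and the attachment hashing behind the Talos file-reputation lookups in Tasks 7 and 8 can all be done from the .eml file itself. The script below is an added example written for this walkthrough; it is not code from the room, PhishTool or Talos. The message it parses is constructed inline (documentation-range hostnames, a placeholder attachment body); only the originating IP 204.93.183.11 and the attachment name Sales_Receipt 5606.xls are taken from the room's answers. It counts Received headers as hops, takes the bottom-most Received header as the originating hop, defangs the address, and prints the SHA-256 of each attachment ready to paste into a reputation lookup.

```python
"""Added example (not the room's or PhishTool's code): triage an .eml offline.

Counts Received hops, extracts and defangs the originating IP, and hashes
attachments for reputation lookups such as Talos File Reputation.
"""
import base64
import hashlib
import re
from email import policy
from email.parser import BytesParser

# Constructed attachment bytes; stand-in for the room's .xls files.
ATTACHMENT_BYTES = b"constructed placeholder, not a real spreadsheet\n"
ATTACHMENT_NAME = "Sales_Receipt 5606.xls"  # filename from the room's Task 8 answer

# Constructed message. Each hop prepends its own Received header, so the
# bottom-most one describes the first (originating) hop. Only 204.93.183.11
# comes from the room; hosts use documentation ranges (RFC 5737).
SAMPLE_EML = (
    b"Received: from mx-in.example.net (mx-in.example.net [198.51.100.7])\n"
    b"\tby mail.example.com with ESMTP; Tue, 1 Jan 2019 10:00:04 +0000\n"
    b"Received: from relay2.example.org ([203.0.113.9])\n"
    b"\tby mx-in.example.net with ESMTPS; Tue, 1 Jan 2019 10:00:03 +0000\n"
    b"Received: from relay1.example.org (relay1.example.org [203.0.113.5])\n"
    b"\tby relay2.example.org with ESMTP; Tue, 1 Jan 2019 10:00:02 +0000\n"
    b"Received: from sender-host (unknown [204.93.183.11])\n"
    b"\tby relay1.example.org with SMTP; Tue, 1 Jan 2019 10:00:01 +0000\n"
    b'From: "Accounts" <accounts@example.org>\n'
    b"To: victim@example.com\n"
    b"Subject: Sales receipt\n"
    b"MIME-Version: 1.0\n"
    b'Content-Type: multipart/mixed; boundary="part-boundary"\n'
    b"\n"
    b"--part-boundary\n"
    b'Content-Type: text/plain; charset="utf-8"\n'
    b"\n"
    b"Please find your receipt attached.\n"
    b"\n"
    b"--part-boundary\n"
    b'Content-Type: application/vnd.ms-excel; name="' + ATTACHMENT_NAME.encode() + b'"\n'
    b'Content-Disposition: attachment; filename="' + ATTACHMENT_NAME.encode() + b'"\n'
    b"Content-Transfer-Encoding: base64\n"
    b"\n"
    + base64.b64encode(ATTACHMENT_BYTES) + b"\n"
    b"--part-boundary--\n"
)

# IPv4 literal in square brackets, as MTAs write it in the "from" clause.
IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_eml(raw: bytes):
    """Parse raw RFC 5322 bytes into an EmailMessage (modern policy)."""
    return BytesParser(policy=policy.default).parsebytes(raw)


def received_hops(msg) -> list:
    """All Received headers, top (last hop) to bottom (first hop)."""
    return [str(h) for h in msg.get_all("Received", [])]


def originating_ip(msg):
    """IP from the bottom-most Received header.

    Caveat for analysts: headers below the first hop you trust were written by
    machines you do not control, so treat this value as a lead, not proof.
    """
    hops = received_hops(msg)
    if not hops:
        return None
    match = IPV4_IN_BRACKETS.search(hops[-1])
    return match.group(1) if match else None


def defang(indicator: str) -> str:
    """Make an IP, domain or URL safe to paste: dots -> [.], http -> hxxp."""
    out = indicator.replace(".", "[.]")
    return re.sub(r"^http(s?)://", r"hxxp\1://", out, flags=re.IGNORECASE)


def sha256_hex(data: bytes) -> str:
    """Same digest as `sha256sum <file>` on the saved attachment."""
    return hashlib.sha256(data).hexdigest()


def attachments(msg) -> list:
    """Filename, declared type and SHA-256 of every attachment part."""
    found = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        found.append({
            "filename": part.get_filename(),
            "content_type": part.get_content_type(),
            "sha256": sha256_hex(data),
        })
    return found


def triage(raw: bytes) -> dict:
    """One-shot summary answering the room's header and attachment questions."""
    msg = parse_eml(raw)
    ip = originating_ip(msg)
    return {
        "hops": len(received_hops(msg)),
        "originating_ip": ip,
        "originating_ip_defanged": defang(ip) if ip else None,
        "attachments": attachments(msg),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_EML), indent=2))
```

To use it on the room's files, replace SAMPLE_EML with `open("Email3.eml", "rb").read()`; the printed sha256 is what you search in Talos File Reputation, and the defanged IP is what you put in a report.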
Task 9 – Conclusion

So that was “Threat Intelligence Tools” for you. We have covered the basics of threat intelligence and its classifications. Further, we used UrlScan.io to scan for malicious URLs and Abuse.ch to track malware and botnet indicators. Finally, we investigated phishing emails using PhishTool and Cisco’s Talos Intelligence platform for intel gathering. On that note, I will take my leave and will see you in the next one. Till then, “Hack the Planet”.
