Tryhackme - Threat Intelligence Tools

In this walkthrough, we will be going through the Threat Intelligence Tools room from Tryhackme. In this room, we will explore different OSINT tools used to conduct security threat assessments and investigations. So, let’s get started without any delay.

Task 1 – Room Outline

Task 2 – Threat Intelligence

Question 1 – I’ve read on Threat Intel and the classifications


Task 3 –

Question 1 – What is TryHackMe’s Cisco Umbrella Rank?


Question 2 – How many domains did identify?


Question 3 – What is the main domain registrar listed?

Namecheap Inc

Question 4 – What is the main IP address identified?


Task 4 –

Question 1 – The IOC is linked to which malware alias on ThreatFox?

Browse Database

Database Entry


Question 2 – Which malware is associated with the JA3 Fingerprint 51c64c77e60f3980eea90869b68c58a8 on SSL Blacklist?

SSL Blacklist


Question 3 – From the statistics page on URLHaus, what malware-hosting network has the ASN number AS14061?

ASN report


Task 5 – PhishTool

Question 1 – What organisation is the attacker trying to pose as in the email?



Question 2 – What is the sender’s email address?

Sender's email address

[email protected]

Question 3 – What is the recipient’s email address?

[email protected]

Question 4 – What is the Originating IP address? Defang the IP address.

Originating IP address


Question 5 – How many hops did the email go through to get to the recipient?


Task 6 – Cisco Talos Intelligence

Question 1 – What is the listed domain of the IP address from the previous task?

Location Data 

Question 2 – What is the customer name of the IP address?

Complete Web Reviews


Task 7 – Scenario 1

Question 1 – According to Email2.eml, what is the recipient’s email address?

[email protected]

Question 2 – From Talos Intelligence, the attached file can also be identified by the Detection Alias that starts with an H…

sha256sum Proforma

Talos File Reputation

Associated Domains


Task 8 – Scenario 2

Question 1 – What is the name of the attachment on Email3.eml?


Sales_Receipt 5606.xls

Question 2 – What malware family is associated with the attachment on Email3.eml?

sha256sum Sales_Receipt

Associated Domains
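
The header and attachment facts asked for in Tasks 5, 7 and 8 (sender, recipient, defanged originating IP, hop count, attachment SHA-256) can also be pulled from an .eml file offline. This is an added example, not part of the original walkthrough or the room; the `triage` and `defang` names, the sample message and counting one hop per `Received` header are assumptions.

```python
import hashlib
import re
from email import message_from_bytes, policy

# Constructed sample message: every address, host and IP is a placeholder,
# not data from the room's Email*.eml files.
SAMPLE_EML = b"""\
Received: from mx.example.net ([198.51.100.7]) by inbound.example.org; Mon, 01 Jan 2024 10:00:02 +0000
Received: from relay.example.com ([203.0.113.25]) by mx.example.net; Mon, 01 Jan 2024 10:00:01 +0000
From: Billing <billing@example.com>
To: analyst@example.org
X-Originating-IP: [203.0.113.25]
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached receipt.
--b1
Content-Type: application/vnd.ms-excel
Content-Disposition: attachment; filename="receipt.xls"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQgc2FtcGxl
--b1--
"""

def defang(indicator):
    """Rewrite an IP, domain or URL so it cannot be clicked or auto-linked."""
    return indicator.replace("http", "hxxp").replace(".", "[.]")

def triage(raw):
    """Pull the header and attachment facts an analyst records for a phish."""
    msg = message_from_bytes(raw, policy=policy.default)
    received = msg.get_all("Received", [])
    origin = str(msg.get("X-Originating-IP", "")).strip("[] ")
    if not origin and received:
        # Fall back to the earliest hop, which is the bottom-most Received header.
        found = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(received[-1]))
        origin = found.group(1) if found else ""
    return {
        "sender": msg["From"].addresses[0].addr_spec,
        "recipient": msg["To"].addresses[0].addr_spec,
        "originating_ip": defang(origin),
        "hops": len(received),  # assumption: one Received header per hop
        "attachments": [(p.get_filename(), hashlib.sha256(p.get_payload(decode=True)).hexdigest())
                        for p in msg.iter_attachments()],
    }
```

The SHA-256 values returned for attachments are what you would paste into a file reputation lookup, the same value `sha256sum` prints for the extracted file.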


Task 9 – Conclusion

So that was “Threat Intelligence Tools” for you. We have covered the basics of threat intelligence and its classifications. Further, we used to scan for malicious URLs and to track malware and botnet indicators. Finally, we investigated phishing emails using PhishTool and Cisco’s Talos Intelligence platform for intel gathering. On that note, I will take your leave and will see you in the next one. Till then, “Hack the Planet”.
