In this walkthrough, we will be going through the Threat Intelligence Tools room from TryHackMe. In this room, we will explore different OSINT tools used to conduct security threat assessments and investigations. So, let’s get started without any delay.
Task 1 – Room Outline
Task 2 – Threat Intelligence
Question 1 – I’ve read on Threat Intel and the classifications
Done
Task 3 – UrlScan.io
Question 1 – What is TryHackMe’s Cisco Umbrella Rank?
345612
Question 2 – How many domains did UrlScan.io identify?
13
Question 3 – What is the main domain registrar listed?
Namecheap Inc
Question 4 – What is the main IP address identified?
2606:4700:10::ac43:1b0a
Task 4 – Abuse.ch
Question 1 – The IOC 212.192.246.30:5555 is linked to which malware alias on ThreatFox?
Katana
Question 2 – Which malware is associated with the JA3 Fingerprint 51c64c77e60f3980eea90869b68c58a8 on SSL Blacklist?
Dridex
Question 3 – From the statistics page on URLHaus, what malware-hosting network has the ASN number AS14061?
DIGITALOCEAN-ASN
Task 5 – PhishTool
Question 1 – What organisation is the attacker trying to pose as in the email?
Linkedin
Question 2 – What is the sender’s email address?
[email protected]
Question 3 – What is the recipient’s email address?
[email protected]
Question 4 – What is the Originating IP address? Defang the IP address.
204[.]93[.]183[.]11
Question 5 – How many hops did the email go through to get to the recipient?
4
Task 6 – Cisco Talos Intelligence
Question 1 – What is the listed domain of the IP address from the previous task?
scnet.net
Question 2 – What is the customer name of the IP address?
Complete Web Reviews
Task 7 – Scenario 1
Question 1 – According to Email2.eml, what is the recipient’s email address?
[email protected]
Question 2 – From Talos Intelligence, the attached file can also be identified by the Detection Alias that starts with an H…
HIDDENEXT/Worm.Gen
Task 8 – Scenario 2
Question 1 – What is the name of the attachment on Email3.eml?
Sales_Receipt 5606.xls
Question 2 – What malware family is associated with the attachment on Email3.eml?
Dridex
Task 9 – Conclusion
So that was “Threat Intelligence Tools” for you. We have covered the basics of threat intelligence and its classifications. Further, we used UrlScan.io to scan for malicious URLs and Abuse.ch to track malware and botnet indicators. At last, we investigated phishing emails using PhishTool and used Cisco’s Talos Intelligence platform for intel gathering. On that note, I will take your leave and will see you in the next one. Till then, “Hack the Planet”.