Cyber Threat Intelligence: Intro to Cyber Threat Intel (TryHackMe)

In this article, I will write an Intro to Cyber Threat Intel write-up: The Basics that covers Introduction, Cyber Threat Intelligence, CTI Lifecycle, and CTI Standards & Frameworks.

1. What does CTI stand for? Cyber Threat Intelligence

2. IP addresses, Hashes and other threat artefacts would be found under which Threat Intelligence classification? Technical Intel

3. At which phase of the CTI lifecycle is data converted into usable formats through sorting, organising, correlation and presentation? Processing

4. During which phase do security analysts get the chance to define the questions to investigate incidents? Direction

5. What sharing models are supported by TAXII? Collection and Channel

6. When an adversary has obtained access to a network and is extracting data, what phase of the kill chain are they on? Actions on Objectives

7. What was the source email address? vipivillain@badbank.com

   

8. What was the name of the file downloaded? flbpfuh.exe

   

9. After building the threat profile, what message do you receive? THM{NOW_I_CAN_CTI}

   

• Threat Actor Extraction IP Address: 91.185.23.222

• Threat Actor Email Address: vipivillain@badbank.com

• Malware Tool: flbpfuh.exe

• User Victim Logged Account: Administrator

• Victim Email Recipient: John Doe

Thank you for reading my article. Please leave any questions or comments on improving my learning journey and the THM challenges.