CTF Writeup: Red Stealer

Analyze a suspicious executable using VirusTotal and MalwareBazaar to extract IOCs, identify C2 infrastructure, MITRE ATT&CK techniques, and privilege escalation mechanisms.

Introduction: Another Threat Intel-focused lab for today: the Red Stealer lab, available through Cyber Defenders. You are part of the Threat Intelligence team in the SOC (Security Operations Center). An executable file has been discovered on a colleague’s computer, and it’s suspected to be linked to a Command and Control (C2) server, indicating a potential malware infection. Your task is to investigate this executable by analyzing its hash. The goal is to gather and analyze data beneficial to other SOC members, including the Incident Response team, so they can respond to this suspicious behavior efficiently. ...

January 14, 2026 · 7 min · 1409 words · Ligniform

CTF Writeup: PhishStrike

Analyze email headers and threat intelligence to identify phishing indicators, malware persistence, and C2 channels, extracting actionable IOCs.

Introduction: It’s no secret that I’m no stranger to phishing emails. A lot of the grunt-y SOC work I do is analyzing potential phishing emails. Some people consider it boring or repetitive, and while I understand this sentiment, I don’t entirely agree with it. The process can be pretty fun if you see new phishing lures and compile IOCs. ...

January 7, 2026 · 16 min · 3297 words · Ligniform