Welcome, Analyst. In this module, you will pivot from internal telemetry directly into external Open-Source Intelligence (OSINT) platforms.
Your objective is to utilize tools like VirusTotal, Shodan, Censys, and Google to enrich suspicious file hashes and IP addresses, attributing them to known malware families and threat actor campaigns.
Scope: Investigate a suspicious executable (badme.exe) detected on a finance endpoint, and a secondary phishing domain (santagift[.]shop). Use VirusTotal, Shodan, Censys, and crt.sh to enrich the indicators.
Scope: You are an SOC analyst at NeoCohorts when an alert is triggered in your internal threat intelligence platform, Cybernetics EDR.
The alert flags suspicious activity originating from a managed client environment. Review the EDR dashboard, extract the indicators, and pivot into external intelligence sources to map the threat.