Intelligence Analysis
(DFIR, Threat-Research, CTI)
OSINT
:mag: Social Media Accounts
Twitter
Telegram
Facebook
Instagram
:mag: Online Forums
Raidforums
Kilo
:mag: Location
Google Maps
TinEye
:mag: Phone Number
TrueCaller
:mag: Related Leaked DBs
Target
Country
Individual
Sector
Organization
TTPs
MITRE ATT&CK
Impact
Exfiltration
Command & Control
Collection
Lateral Movement
Discovery
Credential Access
Defense Evasion
Privilege Escalation
Persistence
Execution
Initial Access
Resource Development
Reconnaissance
Infrastructure
:mag: Domain Fingerprint
:mag: TLS Certificates
Fingerprint
:red_flag: MD5
:mag: :red_flag: SHA-1
:red_flag: SHA-256
:mag: :red_flag: JA3
Validity
:mag: Before
:mag: After
Signing Status
(e.g. self-signed)
Subject
Issuer
:red_flag: Hostname
:red_flag: URL
:red_flag: Domain
:mag: WHOIS
Registrar
:mag: Name
IANA ID
:mag: Country
Registrant
:mag: :red_flag: Organization
:mag: Country
Creation Date
Nameservers
Records
SPF
DMARC
:red_flag: IP Address
ASN
Name
:mag: Number
Country
:red_flag: Email Address
Code Similarity
:mag: Machine ID
:star: :mag: Signing Certificate
:mag: PE Timestamps
:star: :mag: :black_flag: PDB Path
:star: Exports
:mag: Open-source tools
:star: :mag: Imphash
:star: :mag: PE Sections
Platforms
TotalHash
VirusTotal
:star: :mag: Resources
Attack Timing
Start
Stop
Time of day preferred by attacker
File Characteristics
:black_flag: :red_flag: Filename
PE Info
:star: Method of Execution
(e.g. RARSFX)
:star: Anomalies
:star: Signature/Certificates
Execution Methodology
HEX Editor
:star: Strings
:star: Obfuscation / Encoding
:star: File Size
Exploitation Mechanism
:black_flag: UAC Bypass
:black_flag: LOLBins
:star: :black_flag: CVE(s)
Sandbox
:star: :black_flag: Registry Changes
:star: :red_flag: Dropped Files
:black_flag: Process Tree
:red_flag: Mutex or Named Pipe
:red_flag: Network Connections
Usage:
:star:YARA
:black_flag:SIGMA
:red_flag:IOC
:mag: Pivot