The cyber threat intelligence investigation cycle includes five stages: Planning, Collection, Processing, Analysis, and Dissemination. During the data collection and processing stages in particular, investigators often struggle to make their workflow both efficient and effective enough to support the later stages of analysis and dissemination.
About DomainTools Threat Intelligence
DomainTools Iris is a threat intelligence and investigation platform that combines enterprise-grade domain intelligence and risk scoring with industry-leading passive DNS data. With DomainTools Transforms in Maltego, investigators can transform a domain name from any source into a comprehensive set of entities, connections, and dynamic properties to reveal actors, surface infrastructure, and highlight risk.
Access to DomainTools Data in Maltego
You can access DomainTools data in Maltego by purchasing a DomainTools membership. For more information about accessing DomainTools data in Maltego, please visit our Transform Hub detail page.
Webinar | Accelerating Threat Intelligence Investigations with DomainTools and Maltego
This webinar demonstrates how threat intelligence analysts and cyber investigators alike can leverage DomainTools domain and DNS infrastructure data to understand resource development, initial access, lateral movement, command and control, and exfiltration of threat actors and compromises. We also take a deep dive into how investigators can combine DomainTools with Maltego for effective data aggregation, correlation, and validation, all in a visualized and interactive graph.
In this webinar, you will learn:
1. Introduction to DomainTools and Maltego
- An overview of DomainTools’ domain and DNS infrastructure intelligence
- Brief introduction to Maltego’s investigative capabilities
2. Case Study: Studying A Phishing Campaign Targeting Global Tibetan Organizations By TA413
- Mapping the hosting infrastructure and assessing risk scores of known phishing domains run by the TA413 threat actor group
- How to pull DomainTools searches into Maltego to automate data collection and aggregation and visualize the phishing infrastructure of TA413