IOC Search Collector Analysis
Scenario: You are assigned a threat hunting task at Osinski Inc. They believe there has been an intrusion, and that the malicious actor used a tool to perform lateral movement, possibly a "pass-the-hash" attack.
Task: Can you find the file planted on the victim's computer using IOC Editor and the Redline IOC Search Collector?
So far, you only know the following artifacts for the file:
File Size (Bytes):
Note: Open Previous Analysis, and use the existing Redline Session found in
Provide the path of the file that matched all the artifacts along with the filename.
Provide the path where the file is located without including the filename.
Who is the owner of the file?
Provide the subsystem for the file.
Provide the Device Path where the file is located.
Provide the hash (SHA-256) for the file.
The attacker managed to masquerade the real filename. Can you find it using the hash you have?
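The questions above all come down to one technique: match files on disk against the artifacts in an IOC (size, then SHA-256) rather than on their name, so a renamed tool is still found. The script below is an added example of that matching logic, not part of the task or of Redline's own code; it builds a constructed sample tree in a temporary directory (one planted file under a misleading name, one decoy with the same size but different bytes, one unrelated file) and derives the IOC values from the constructed content, where a real hunt would take them from the IOC file.

```python
import hashlib
import os
import tempfile

# Constructed sample file tree (not real artifacts from the task): one planted
# tool under a misleading name plus two decoys. One decoy matches the size but
# not the hash, so matching on size alone would give a false positive.
PLANTED_CONTENT = b"constructed stand-in for a lateral-movement tool binary"
SAMPLE_TREE = {
    os.path.join("Users", "Public", "notes.txt"): PLANTED_CONTENT,              # masqueraded tool
    os.path.join("Windows", "Temp", "update.log"): b"x" * len(PLANTED_CONTENT),  # same size, other bytes
    os.path.join("Users", "Public", "readme.txt"): b"harmless text",
}

# Indicator of compromise in the shape the task uses: file size plus SHA-256.
# Derived here from the constructed content; a real hunt reads these from the IOC.
IOC = {
    "size": len(PLANTED_CONTENT),
    "sha256": hashlib.sha256(PLANTED_CONTENT).hexdigest(),
}


def make_sample_tree():
    """Write the constructed files into a fresh temp directory and return its root."""
    root = tempfile.mkdtemp(prefix="ioc_demo_")
    for rel, data in SAMPLE_TREE.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


def sha256_of(path, chunk=1 << 16):
    """Stream the file through SHA-256 so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def search_ioc(root, ioc):
    """Return relative paths of files matching every artifact in the IOC.

    Size is checked first (a cheap stat call); the hash is computed only for
    size candidates. The filename is deliberately never consulted, which is
    what lets a masqueraded file be found.
    """
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.getsize(full) != ioc["size"]:
                continue
            if sha256_of(full) == ioc["sha256"]:
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def describe_hit(root, rel):
    """Split a hit into the fields the task asks for: full path, directory, filename."""
    full = os.path.join(root, rel)
    return {
        "full_path": full,
        "directory": os.path.dirname(full),
        "filename": os.path.basename(full),
        "sha256": sha256_of(full),
    }


if __name__ == "__main__":
    root = make_sample_tree()
    for rel in search_ioc(root, IOC):
        print(describe_hit(root, rel))
```

Run it and only the renamed file is reported; the size-matching decoy drops out at the hash check. Redline's IOC Search Collector applies the same idea across a whole host image, with the owner, subsystem and device path read from the file system and PE metadata rather than computed here.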