What is the primary goal of OSINT threat actor profiling?

The goal is to use publicly available information to identify and document an adversary's motivations, capabilities, infrastructure, and techniques to better prepare defensive controls.

Does this skill require external API keys?

Yes, to fully utilize the automated collection features, you will need API keys for services like Shodan, VirusTotal, and AlienVault OTX.

Is the output compatible with other security tools?

Yes, the skill produces STIX 2.1 formatted JSON, which is the industry standard for sharing threat intelligence across SIEMs, TIPs, and other security platforms.

Can this skill help with infrastructure visualization?

While the skill focuses on data collection and profiling, it includes workflows designed to work with tools like Maltego and SpiderFoot for link analysis and infrastructure mapping.

Which security frameworks are supported by this skill?

This skill is mapped to MITRE ATT&CK for TTP documentation and uses STIX 2.1 for structured threat intelligence sharing, alongside NIST CSF 2.0 alignment.

OSINT Threat Actor Profiling

Name: OSINT Threat Actor Profiling
Author: mukul975

bymukul975

•

4,121

•

Seguridad y Pruebas

Builds comprehensive threat actor profiles by analyzing open-source intelligence on adversary motivations, infrastructure, and TTPs.

This skill empowers cybersecurity analysts to systematically document adversaries using OSINT techniques within Claude Code. It automates the collection of intelligence from platforms like VirusTotal, Shodan, and AlienVault OTX, while providing structured mapping to the MITRE ATT&CK framework and STIX 2.1 standards. By correlating infrastructure data and TTPs, it enables security teams to move from reactive defense to proactive threat hunting, generating production-grade dossiers that inform attribution assessments and defensive architecture.

Características Principales

01Structured data modeling using STIX 2.1 Intrusion Set and Threat Actor SDOs

02Automated intelligence gathering from VirusTotal, Shodan, and AlienVault OTX

03Infrastructure correlation workflows using SpiderFoot and Maltego patterns

044,121 GitHub stars

05Dynamic TTP mapping to the MITRE ATT&CK framework via attackcti

06Automated generation of comprehensive threat actor dossiers and executive summaries

Casos de Uso

01Accelerating incident response investigations through rapid attribution analysis

02Developing proactive defense strategies based on known adversary behavior patterns

03Enriching SOC operations with structured, machine-readable threat intelligence

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills building-threat-actor-profile-from-osint

For use in Claude.ai and ChatGPT

Características Principales

01Structured data modeling using STIX 2.1 Intrusion Set and Threat Actor SDOs

02Automated intelligence gathering from VirusTotal, Shodan, and AlienVault OTX

03Infrastructure correlation workflows using SpiderFoot and Maltego patterns

044,121 GitHub stars

05Dynamic TTP mapping to the MITRE ATT&CK framework via attackcti

06Automated generation of comprehensive threat actor dossiers and executive summaries

Casos de Uso

01Accelerating incident response investigations through rapid attribution analysis

02Developing proactive defense strategies based on known adversary behavior patterns

03Enriching SOC operations with structured, machine-readable threat intelligence

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills building-threat-actor-profile-from-osint

For use in Claude.ai and ChatGPT