How does fishing work in real life? The fisherman chooses a suitable place for fishing, he chooses the right tools; a fishing rod or nets, and he also needs to choose the right bait. When everything is ready, he can expect a good degree of success. In fact, fishing in cyberspace is not that different from fishing in real life. A threat actor needs to choose the right tools. Depending on the purpose, he can use different tools; such as bankers to steal money or espionage tools to steal data. A threat actor can also use third-party tools such as Cobalt Strike or Metasploit, everything will depend on the goals.