BTLO: Phishing Analysis


A user has received a phishing email and forwarded it to the SOC. Can you investigate the email and attachment to collect useful artifacts?


Challenge Submission

Who is the primary recipient of this email? (1 point)

What is the subject of this email? (1 point)

What is the date and time the email was sent? (1 point)

What is the Originating IP? (1 point)

Perform reverse DNS on this IP address. What is the resolved host? (whois.domaintools.com) (1 point)

What is the name of the attached file? (2 points)

What is the URL found inside the attachment? (1 point)

What service is this webpage hosted on? (1 point)

Using URL2PNG, what is the heading text on this page? (Doesn’t matter if the page has been taken down!) (1 point)
