The Greenholt Phish

Use the knowledge attained to analyze a malicious email.

Last updated 2 years ago

"A Sales Executive at Greenholt PLC received an email that he didn't expect to receive from a customer. He claims that the customer never uses generic greetings such as "Good day" and didn't expect any amount of money to be transferred to his account. The email also contains an attachment that he never requested. He forwarded the email to the SOC (Security Operations Center) department for further investigation. Investigate the email sample to determine if it is legitimate."

What is the email's timestamp? (answer format: mm/dd/yyyy hh:mm)

06/10/2020 05:58

Who is the email from?

Mr. James Jackson

What is his email address?

info@mutawamarine.com

What email address will receive a reply to this email?

info.mutawamarine@mail.com

What is the Originating IP?

192.119.71.157

Who is the owner of the Originating IP? (Do not include the "." in your answer.)

HostWinds LLC

What is the SPF record for the Return-Path domain?

v=spf1 include:spf.protection.outlook.com -all

What is the DMARC record for the Return-Path domain?

v=DMARC1; p=quarantine; fo=1

What is the name of the attachment?

SWT_#09674321____PDF__.CAB

What is the SHA256 hash of the file attachment?

2e91c533615a9bb8929ac4bb76707b2444597ce063d84a4b33525e25074fff3f

What is the attachment's file size? (Don't forget to add "KB" to your answer, NUM KB)

400.26 KB

What is the actual file extension of the attachment?

rar
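The questions above are all answered by reading the message headers and inspecting the attachment rather than trusting its name. The script below is an added example, not part of the room or its sample email: it parses a constructed message (every address, IP and attachment in it is a placeholder, not the Greenholt data) with Python's standard `email` library, pulls out the Date, From, Reply-To, Return-Path and X-Originating-IP values, hashes and sizes each attachment, and compares the extension claimed by the filename against the file's leading bytes. The `MAGIC` table is a small hand-picked subset of common signatures, and the SPF/DMARC step only builds the DNS names to query (`<domain>` and `_dmarc.<domain>` TXT), since the lookup itself has to be done out of band.

```python
import base64
import hashlib
from email import message_from_bytes, policy
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample (not the room's email): placeholder sender, IP and attachment.
# The attachment is RAR magic bytes plus zero padding, 2048 bytes in total.
ATTACHMENT_BYTES = b"Rar!\x1a\x07\x00" + b"\x00" * (2048 - 7)

RAW_EMAIL = (
    b"Date: Wed, 10 Jun 2020 05:58:00 +0000\r\n"
    b'From: "Example Sender" <sender@example.invalid>\r\n'
    b"Reply-To: sender.example@other.invalid\r\n"
    b"Return-Path: <sender@example.invalid>\r\n"
    b"X-Originating-IP: [198.51.100.7]\r\n"
    b"Subject: Payment transfer\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"Good day, please find the transfer details attached.\r\n"
    b"--b1\r\n"
    b'Content-Type: application/octet-stream; name="INVOICE__PDF__.CAB"\r\n'
    b'Content-Disposition: attachment; filename="INVOICE__PDF__.CAB"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    + base64.encodebytes(ATTACHMENT_BYTES)
    + b"--b1--\r\n"
)

# Leading-byte signatures (subset): the real type is decided here, not by the filename.
MAGIC = [
    (b"Rar!\x1a\x07", "rar"),   # matches both RAR 4.x and RAR 5 archives
    (b"MSCF", "cab"),
    (b"%PDF", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"MZ", "exe"),
]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sniff_type(data: bytes) -> str:
    """Return the file type implied by the leading bytes, or 'unknown'."""
    for sig, ext in MAGIC:
        if data.startswith(sig):
            return ext
    return "unknown"


def dns_txt_names(domain: str) -> dict:
    """Names whose TXT records carry the SPF and DMARC policy; query them with dig/nslookup."""
    return {"spf": domain, "dmarc": f"_dmarc.{domain}"}


def analyze(raw: bytes) -> dict:
    msg = message_from_bytes(raw, policy=policy.default)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    _, return_path = parseaddr(str(msg.get("Return-Path", "")))
    # X-Originating-IP is normally written as "[a.b.c.d]"; strip the brackets.
    origin_ip = str(msg.get("X-Originating-IP", "")).strip("[] ")
    when = parsedate_to_datetime(str(msg["Date"]))

    report = {
        "timestamp": when.strftime("%m/%d/%Y %H:%M"),
        "from_name": from_name,
        "from_addr": from_addr,
        "reply_to": reply_to or from_addr,
        # Replies going somewhere other than the From address is a classic phishing sign.
        "reply_to_mismatch": bool(reply_to) and reply_to != from_addr,
        "originating_ip": origin_ip,
        "dns_to_check": dns_txt_names(return_path.split("@")[-1]),
        "attachments": [],
    }
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or ""
        claimed = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        actual = sniff_type(data)
        report["attachments"].append({
            "name": name,
            "sha256": sha256_hex(data),
            "size_kb": f"{len(data) / 1024:.2f} KB",
            "claimed_ext": claimed,
            "actual_ext": actual,
            "extension_mismatch": actual != "unknown" and actual != claimed,
        })
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(RAW_EMAIL), indent=2))
```

Run it as-is to see the report for the constructed message, or replace `RAW_EMAIL` with the bytes of a saved `.eml` file. The two checks that matter most for triage are `reply_to_mismatch` and `extension_mismatch`: a "PDF" that carries an archive signature, as in the room's attachment, is exactly the kind of discrepancy the filename alone hides.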