Write-Up: SOC — 101 Phishing Email Detected - LetsDefend
SOC — 101 Phishing Email Detected is a blue team challenge available at https://app.letsdefend.io/
Our first step is the “Monitoring” section. Focus on the SOC101 - Phishing Detected alert.
There we find the details of the alert that we have to analyze.
After reviewing the details of the alert, enter the investigation section.
Click the playbook to start the investigation.
The alert investigation is divided into 3 stages:
Detect
Analysis
Conclusion
Step 1 - Detect


146.56.195.192
Lethuyan852@gmail.com
mark@letsdefend.io
yes
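
The Step 1 values can also be pulled from the raw message rather than read off the mail view. The following is an added example, not part of the original write-up: it assumes the four values above are the source IP, sender, recipient and whether the mail carries a URL, and it uses a constructed sample message and a hypothetical function named triage_email.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: documentation-range IP and .example domains.
SAMPLE_EML = """\
Received: from mail.sender.example (mail.sender.example [203.0.113.45])
\tby mx.corp.example with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000
From: "Billing" <billing@sender.example>
To: analyst@corp.example
Subject: Invoice overdue
Content-Type: text/plain; charset="utf-8"

Please review the invoice at http://files.sender.example/invoice.html today.
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def defang(url):
    """Make a URL unclickable before it goes into a ticket or report."""
    return re.sub(r"^http", "hxxp", url, flags=re.IGNORECASE).replace(".", "[.]")

def body_text(msg):
    """Concatenate every text/* part, decoding transfer encodings."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage_email(raw_message):
    msg = message_from_string(raw_message)
    # Assumption: the topmost Received header was stamped by our own gateway,
    # so it is the only hop the sender could not forge.
    source_ip = None
    for hop in msg.get_all("Received", []):
        match = BRACKETED_IP.search(hop)
        if match:
            source_ip = match.group(1)
            break
    urls = list(dict.fromkeys(u.rstrip(".,;") for u in URL.findall(body_text(msg))))
    return {
        "source_ip": source_ip,
        "sender": parseaddr(msg.get("From", ""))[1],
        "recipient": parseaddr(msg.get("To", ""))[1],
        "has_url": bool(urls),
        "urls": [defang(u) for u in urls],
    }
```

The URLs come back defanged so they can be pasted into the case notes without becoming clickable.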

Step 2 - Analysis
I tried to analyze the attached link with several tools.
VirusTotal:

Judging by the VirusTotal results, the link generally reads as clean.
Analysis Using Joe Sandbox

The URL indicates trojan activity
Important Points
Deleted Email
Because the email is phishing, the best advice is to delete it from the mailbox.