WriteUp SOC-101 Phishing Email Detected Lets Defend
SOC-101 Phishing Email Detected is a blue team challenge available on https://app.letsdefend.io/
Our first step is the “Monitoring” section. Focus on the SOC101 - Phishing Detected alert.
The details of the alert that we have to analyze
After reviewing the details of the alert, go to the investigation section.
Click Playbook to start the investigation.
The alert investigation is divided into 3 points:
Detect
Analysis
Conclusion
Step 1 - Detect


146.56.195.192
Lethuyan852@gmail.com
mark@letsdefend.io
yes
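
The same Detect fields can be pulled from the raw message instead of read off the console. This is an added example, not part of the original write-up; it assumes the values above are the sending IP, the sender and the recipient, and that "yes" answers whether the mail carries a URL or attachment. The sample message, its URL and the function name are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message. Sender, recipient and IP are the values recorded
# in this write-up; the Received layout, subject and URL are placeholders.
SAMPLE_EML = """\
Received: from mail.example.invalid ([146.56.195.192]) by mx.letsdefend.io; Mon, 1 Jan 2024 10:00:00 +0000
From: Lethuyan852@gmail.com
To: mark@letsdefend.io
Subject: constructed subject
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Please review: http://link.example.invalid/path
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def extract_detect_fields(raw: str) -> dict:
    """Collect the indicators a phishing alert needs before analysis starts."""
    msg = message_from_string(raw)
    # Each hop prepends its Received header, so the last one in the list is
    # the earliest hop. Only headers added by your own MX are trustworthy.
    received = msg.get_all("Received") or []
    ips = [m.group(1) for h in received for m in IP_RE.finditer(h)]
    urls, attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():  # named parts are treated as attachments
            attachments.append(part.get_filename())
            continue
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            urls += URL_RE.findall(payload.decode(charset, errors="replace"))
    return {
        "source_ip": ips[-1] if ips else None,
        "sender": parseaddr(msg.get("From", ""))[1],
        "recipient": parseaddr(msg.get("To", ""))[1],
        "urls": sorted(set(urls)),
        "attachments": attachments,
        "has_url_or_attachment": bool(urls or attachments),
    }
```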

Step 2 - Analysis
I analyzed the attached link with several tools.
VirusTotal:
Judging by the VirusTotal results, the link generally reads clean.
Analysis Using Joe Sandbox
The URL indicates trojan activity.
Important Points
Deleted Email
Because the email is phishing, the best advice is to delete it from the mailbox.
Step 3 - Conclusion
The email contains a malicious link. The email is indeed identified as phishing. The link is involved in trojan activity.
This post is licensed under CC BY 4.0 by the author.