Email body analysis

The email body is where a malicious payload may be delivered to the recipient either as a link or an attachment.


If the email has an attachment, obtain the attachment safely. In Thunderbird this is easy to do with the Save button. Then compute the file's hash and use it to check the file's reputation, to see whether it is a known malicious document.


Note the root domain of each extracted URL and analyze the root domain as well. Also check the reputation of both the URLs and the root domain.
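The steps above can be scripted so the attachment is only hashed, never opened, and the links are only listed, never visited. The following Python sketch is an added example, not part of the original page; it assumes the message has been saved as raw .eml bytes, and the names analyze, root_domain and build_sample, the sample message and the short suffix set (a stand-in for the full Public Suffix List) are all constructed for illustration.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)
# Assumption: tiny stand-in for the Public Suffix List; use the full list in practice.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
ATTACHMENT_BYTES = b"constructed attachment bytes"  # sample data, not a real document

def build_sample() -> bytes:
    """Constructed message standing in for an .eml saved from the mail client."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice overdue"
    msg.set_content("Pay here: https://accounts.example.org/login?id=1.")
    msg.add_alternative('<a href="http://cdn.files.example.net/pay">Pay</a>', subtype="html")
    msg.add_attachment(ATTACHMENT_BYTES, maintype="application",
                       subtype="octet-stream", filename="invoice.doc")
    return msg.as_bytes()

def root_domain(host: str) -> str:
    labels = host.lower().rstrip(".").split(".")
    if len(labels) <= 2 or all(l.isdigit() for l in labels):  # short name or IPv4
        return ".".join(labels)
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def analyze(raw: bytes) -> dict:
    """Hash attachments and list URLs without opening or rendering anything."""
    msg = message_from_bytes(raw, policy=policy.default)
    attachments, urls = [], set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() == "attachment" or part.get_filename():
            data = part.get_payload(decode=True) or b""
            attachments.append({"filename": part.get_filename(),
                                "sha256": hashlib.sha256(data).hexdigest()})
        elif part.get_content_maintype() == "text":
            urls.update(u.rstrip(".,;") for u in URL_RE.findall(part.get_content()))
    roots = {root_domain(urlsplit(u).hostname or "") for u in urls}
    return {"attachments": attachments, "urls": sorted(urls), "root_domains": sorted(roots)}

if __name__ == "__main__":
    for key, value in analyze(build_sample()).items():
        print(key, value)
```

The script stops at producing the hash, URLs and root domains; the reputation lookups themselves are done with whichever service the analyst uses.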