Case 1

Scenario: You are a Level 1 SOC Analyst. Several suspicious emails have been forwarded to you from other coworkers. You must obtain details from each email for your team to implement the appropriate rules to prevent colleagues from receiving additional spam/phishing emails.

Questions

What brand was this email tailored to impersonate?

Answer: NetFlix

What is the From email address?

Answer: JGQ47wazXe1xYVBrkeDg-JOg7ODDQwWdR@JOg7ODDQwWdR-yVkCaBkTNp.gogolecloud.com

What is the originating IP? Defang the IP address.

Answer: 209[.]85[.]167[.]226

From what you can gather, what do you think will be a domain of interest? Defang the domain.

Answer: etekno[.]xyz

What is the shortened URL? Defang the URL.

Answer: hxxps[://]t[.]co/yuxfZm8KPg?amp=1
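Three of the questions above ask for indicators in defanged form (dots bracketed as `[.]`, `https` rewritten as `hxxps`, `://` bracketed). The following Python helper is an added example, not part of the original write-up; it applies that convention consistently to an IP address, a bare domain and a full URL, and reverses it again so a defanged indicator can be fed back into a lookup tool. The indicator values used are the ones from the case answers above; the function names and the scheme map are assumptions of this example.

```python
from urllib.parse import urlsplit

# Scheme rewrites used by the defang convention on this page (https -> hxxps).
# Assumed mapping for this example; extend it if your team defangs other schemes.
_SCHEME_MAP = {"http": "hxxp", "https": "hxxps"}


def defang_host(host: str) -> str:
    """Replace every dot in an IPv4 address or hostname with [.]."""
    return host.replace(".", "[.]")


def defang_url(url: str) -> str:
    """Defang an absolute URL: rewrite the scheme, bracket '://' and bracket
    only the dots of the host. Path, query and fragment are left intact so the
    indicator stays searchable in logs and tickets."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        raise ValueError(f"not an absolute URL: {url!r}")
    scheme = _SCHEME_MAP.get(parts.scheme.lower(), parts.scheme)
    rest = parts.path
    if parts.query:
        rest += "?" + parts.query
    if parts.fragment:
        rest += "#" + parts.fragment
    return f"{scheme}[://]{defang_host(parts.netloc)}{rest}"


def defang(ioc: str) -> str:
    """Dispatch on shape: anything containing '://' is treated as a URL;
    everything else (IPv4 address or bare domain) gets dot-bracketing."""
    return defang_url(ioc) if "://" in ioc else defang_host(ioc)


def refang(ioc: str) -> str:
    """Reverse defang() so an indicator copied from a report can be used
    directly in a reputation lookup without hand editing."""
    out = ioc.replace("[.]", ".").replace("[://]", "://")
    for live, dead in _SCHEME_MAP.items():
        if out.lower().startswith(dead + "://"):
            out = live + out[len(dead):]
    return out


# Indicators taken from the case answers above.
CASE_IOCS = {
    "ip": "209.85.167.226",
    "domain": "etekno.xyz",
    "url": "https://t.co/yuxfZm8KPg?amp=1",
}


def defang_case() -> dict:
    """Return the case indicators in defanged form, checking the round trip."""
    result = {}
    for kind, value in CASE_IOCS.items():
        defanged = defang(value)
        assert refang(defanged) == value, f"round trip failed for {value}"
        result[kind] = defanged
    return result


if __name__ == "__main__":
    for kind, value in defang_case().items():
        print(f"{kind:6} {value}")
```

The URL case is the one worth handling carefully: only the host's dots are bracketed, because bracketing dots inside a path or query would change the indicator and make it fail to match in a SIEM search.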