This project documents the analysis of a phishing email obtained from the PhishingPot repository. The investigation focused on email header analysis, authentication validation, attachment analysis, URL investigation, and indicator extraction to determine the nature and objectives of the phishing campaign.
- Analyze email headers
- Validate SPF, DKIM, and DMARC
- Identify sender infrastructure
- Examine phishing content
- Analyze malicious attachments
- Extract indicators of compromise (IOCs)
- Document findings in a structured report
The analyzed email used a cryptocurrency-themed lure claiming the recipient could withdraw Bitcoin. The message originated from a legitimate Gmail account and passed SPF, DKIM, and DMARC authentication checks. Investigation of the attachment and embedded content revealed phishing-related activity intended to deceive users into interacting with fraudulent resources.
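The triage steps described above (header and authentication review, hop and URL extraction, attachment hashing) can be scripted against the raw `.eml` before any manual tool lookups. The script below is an added example, not part of this repository's analysis; the message it parses is a constructed stand-in for the PhishingPot sample, with placeholder addresses and a TEST-NET hop IP, chosen so that SPF, DKIM and DMARC all pass just as they did in the real case.

```python
import email.policy
import hashlib
import re
from urllib.parse import urlparse

# Constructed sample (not the PhishingPot message): a crypto lure sent from a
# real Gmail account, so SPF, DKIM and DMARC all pass at the receiving MX.
SAMPLE_EML = b"""\
Received: from mail.example-relay.net ([192.0.2.10]) by mx.example.com
From: Bitcoin Rewards <sender.placeholder@gmail.com>
Subject: Your Bitcoin is ready to withdraw
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=gmail.com;
 dkim=pass header.d=gmail.com; dmarc=pass header.from=gmail.com
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/plain

Withdraw your BTC now at https://wallet-verify.example.net/claim
--B1
Content-Type: application/pdf; name="withdrawal.pdf"
Content-Disposition: attachment; filename="withdrawal.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--B1--
"""

def triage(raw: bytes) -> dict:
    """Extract auth results, sender domain, hop IPs, URLs and attachment hashes."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    auth = str(msg.get("Authentication-Results", ""))
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    hops = [ip for r in msg.get_all("Received", [])
            for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", r)]
    sender_domain = msg["From"].addresses[0].domain.lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    urls = re.findall(r"https?://[^\s<>\"']+", body)
    # Links that leave the sender's domain deserve a look even when auth passed.
    foreign = sorted({urlparse(u).hostname or "" for u in urls
                      if not (urlparse(u).hostname or "").endswith(sender_domain)})
    attachments = [(p.get_filename(),
                    hashlib.sha256(p.get_payload(decode=True)).hexdigest())
                   for p in msg.iter_attachments()]
    return {"sender_domain": sender_domain, "auth": results,
            "auth_all_pass": all(results.get(k) == "pass" for k in ("spf", "dkim", "dmarc")),
            "hop_ips": hops, "urls": urls, "foreign_url_domains": foreign,
            "attachments": attachments}
```

The `auth_all_pass` flag is deliberately reported next to the extracted URLs and attachment hashes rather than used as a verdict: as in this case study, a message can pass every check and still be phishing, so the hashes and domains go on to VirusTotal, Hybrid Analysis and MXToolbox regardless.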
- VirusTotal
- Hybrid Analysis
- MXToolbox
- IpInfo
- Email Header Analysis
- Threat Intelligence
- IOC Extraction
- Phishing Investigation
- Attachment Analysis
- Technical Reporting
- Security Documentation
```
Email-Case-Study/
├── Raw-phishing-eml/
│   └── Raw-phishing-eml.eml
├── Email-Analysis/
│   ├── Technical-Analysis.md
│   ├── Executive-Summary.md
│   ├── IoCs.md
│   └── Conclusion.md
└── Screenshots/
```

| Artifact | Description |
|---|---|
| Technical Analysis | Detailed header, URL, and attachment analysis |
| Executive Summary | High-level findings and recommendations |
| IOCs | Indicators of compromise identified during analysis |
| Conclusion | Final assessment and lessons learned |
| Original EML | Original phishing email sample |
| Screenshots | Screenshots captured during the analysis |

| Technique | Description |
|---|---|
| T1566.001 | Phishing: Spearphishing Attachment |
| T1204 | User Execution |
- Email authentication does not guarantee legitimacy
- Trusted cloud services can be abused
- Social engineering remains highly effective
- Attachments should be analyzed before execution
- PhishingPot Repository
- VirusTotal
- Hybrid Analysis
- MITRE ATT&CK