
Report Writing

Header, Artefacts, content

Header/Artefact

Email Header:

  • Sending Email Address (Ex: J0hnSm1th@gmail.com)

  • Reply-to Address (Ex: F4keacc0unt2421@gmail.com)

  • Date Sent (Ex: 20th October 2019, 9:34 AM)

  • Sending Server IP (Ex: 40.92.10.10)

  • Reverse DNS of Sending Server IP (Ex: mail-oln040092010100.outbound.protection.outlook.com)

  • Recipient(s) (Ex: jason.s@domain.com, kirsty.p@domain.com, brian.b@domain.com)

  • Subject Line (Ex: Payroll Update – URGENT!)

Email with URLs:

  • Any relevant URLs (Sanitised) (Ex: hxxps://Healthcare-United[.]com/wp/index/2020/PAYPAL/lure.php?)

Emails with Attachments:

  • File Name(s) + Extension (Ex: PayrollDecember_UK.exe)

  • MD5 Hash(es)

Body Content

  • Brief description of the email (1-2 sentences on what it looks like and what its objective is)

  • Screenshot of email.
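The header and artefact fields listed above can be pulled out of a saved .eml file rather than copied by hand. The script below is an added example written for these notes, not code from the original page; it uses only the Python standard library. The message it parses is constructed inline (placeholder addresses, a TEST-NET IP and a dummy attachment, not real indicators), URLs are sanitised with the same hxxp/[.] convention used above, and attachments are hashed with MD5 (plus SHA-256, which most sharing platforms also expect). Reverse DNS of the sending IP is deliberately left out so the script runs offline; `socket.gethostbyaddr` would fill that field.

```python
"""Extract the header/artefact section of a phishing report from a raw .eml.

Added example for these notes (not the original page's code). Sample message,
addresses, IP and attachment are constructed placeholders.
"""
import email
import hashlib
import json
import re
from email import policy
from email.message import EmailMessage
from typing import Optional

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# IPv4 literal inside a Received: header, e.g. "([203.0.113.10])"
IP_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")


def defang(url: str) -> str:
    """Sanitise a URL so it cannot be clicked from the report: http -> hxxp, . -> [.] in the host."""
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower().replace("http", "hxxp")
    host, slash, path = rest.partition("/")
    return f"{scheme}{sep}{host.replace('.', '[.]')}{slash}{path}"


def sending_ip(msg: EmailMessage) -> Optional[str]:
    """Return the first IP seen in the top-most Received: header.

    The top-most Received: line was written by our own mail server, so it is
    the one hop the attacker could not forge; lower lines can be spoofed.
    """
    for line in msg.get_all("Received") or []:
        m = IP_RE.search(line)
        if m:
            return m.group(1)
    return None


def build_report(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message into the report's header/artefact fields."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    urls = sorted({defang(u) for u in URL_RE.findall(text)})

    attachments = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        attachments.append({
            "filename": part.get_filename(),
            "md5": hashlib.md5(payload).hexdigest(),
            "sha256": hashlib.sha256(payload).hexdigest(),
        })

    to_hdr = msg.get("To")
    return {
        "from": str(msg.get("From")),
        "reply_to": str(msg.get("Reply-To")),
        "date": str(msg.get("Date")),
        "sending_ip": sending_ip(msg),
        "recipients": [str(a) for a in to_hdr.addresses] if to_hdr else [],
        "subject": str(msg.get("Subject")),
        "urls": urls,
        "attachments": attachments,
    }


def _build_sample() -> bytes:
    """Constructed sample phish (placeholder values only) used to demo the parser."""
    m = EmailMessage()
    m["From"] = "J0hnSm1th@mail.example"
    m["Reply-To"] = "F4keacc0unt2421@mail.example"
    m["To"] = "jason.s@corp.example, kirsty.p@corp.example"
    m["Subject"] = "Payroll Update - URGENT!"
    m["Date"] = "Sun, 20 Oct 2019 09:34:00 +0100"
    m["Received"] = ("from mail.example ([203.0.113.10]) by mx.corp.example "
                     "with ESMTP; Sun, 20 Oct 2019 09:34:00 +0100")
    m.set_content("Please review: http://healthcare-united.example/wp/index/lure.php")
    # dummy attachment body; the hashes in the report are of these bytes
    m.add_attachment(b"hello", maintype="application", subtype="octet-stream",
                     filename="PayrollDecember_UK.exe")
    return m.as_bytes()


SAMPLE_RAW = _build_sample()
REPORT = build_report(SAMPLE_RAW)

if __name__ == "__main__":
    print(json.dumps(REPORT, indent=2))
```

Run it against a real saved message with `build_report(open("suspect.eml", "rb").read())`; the returned dict maps one-to-one onto the Email Header, URL and Attachment bullets above, so it can be pasted into the report as-is.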

Analysis Process

  • Assess the risk

  • Tools used

  • Results provided
