Phishing Analysis (GrabThePhisher - Cyberdefenders)


Scenario

As a cybersecurity analyst at an educational institution, you receive an alert about a phishing email targeting faculty members. The email appears to be from a trusted contact and claims a $625,000 purchase, providing a link to download an invoice.

Introduction

The “PhishStrike” scenario immerses you in a cybersecurity investigation where an educational institution is targeted with a phishing email. The attacker impersonates a trusted contact to bait faculty members into downloading a malicious file, purportedly an invoice for a $625,000 purchase. Leveraging tools such as Email Header Analyzer, URLhaus, and other threat intelligence platforms, this lab walks you through the analysis of email headers and URL-based malware to uncover Indicators of Compromise (IOCs). The exercise aims to deepen your understanding of phishing tactics, the use of SPF/DKIM for email validation, and effective threat mitigation strategies.

Methodology (Steps I took)

Step 1: Identified the sender's IP address.

The sender's IP address, read together with the SPF and DKIM results recorded in the message headers, helps trace the source of the phishing email.
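As an added example (not part of the lab or of CyberDefenders' material), the following Python script does this step on raw headers: it takes the origin IP from the earliest Received hop and the SPF/DKIM verdicts from the Authentication-Results header, then flags a mismatch between the two IPs. The sample headers, hostnames and addresses are constructed placeholders, not the lab's actual IOCs.

```python
import re
from email import message_from_string

# Constructed sample headers: hosts and IPs are documentation placeholders, not real IOCs.
SAMPLE_EML = """Received: from mx.university.example (mx.university.example [192.0.2.10])
\tby inbox.university.example with ESMTP; Mon, 1 Jan 2024 09:00:00 +0000
Received: from mail.trusted-contact.example (unknown [198.51.100.25])
\tby mx.university.example with ESMTP; Mon, 1 Jan 2024 08:59:58 +0000
Authentication-Results: mx.university.example;
\tspf=fail (sender IP is 198.51.100.25) smtp.mailfrom=trusted-contact.example;
\tdkim=none header.d=trusted-contact.example
From: "Trusted Contact" <billing@trusted-contact.example>
Subject: Invoice for $625,000 purchase
"""
IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"
SPF_RE = re.compile(r"\bspf=(pass|fail|softfail|neutral|none|temperror|permerror)", re.I)
DKIM_RE = re.compile(r"\bdkim=(pass|fail|none|policy|neutral|temperror|permerror)"
                     r"(?:.*?header\.d=([\w.-]+))?", re.I)

def origin_ip(msg):
    """Bracketed IP in the earliest Received hop (hops are prepended, so it is the last header)."""
    chain = msg.get_all("Received", [])
    m = re.search(r"\[(" + IPV4 + r")\]", chain[-1]) if chain else None
    return m.group(1) if m else None

def auth_results(msg):
    """SPF and DKIM verdicts plus the IP/domain they were evaluated on."""
    out = {"spf": None, "spf_ip": None, "dkim": None, "dkim_domain": None}
    for hdr in msg.get_all("Authentication-Results", []):
        flat = " ".join(hdr.split())  # unfold continuation lines
        if out["spf"] is None and (m := SPF_RE.search(flat)):
            out["spf"] = m.group(1).lower()
            ip = re.search(IPV4, flat[m.end():])  # IP the SPF check was run against
            out["spf_ip"] = ip.group(0) if ip else None
        if out["dkim"] is None and (m := DKIM_RE.search(flat)):
            out["dkim"], out["dkim_domain"] = m.group(1).lower(), m.group(2)
    return out

def analyze(raw):
    msg = message_from_string(raw)
    r = auth_results(msg)
    r["origin_ip"], r["from"] = origin_ip(msg), msg.get("From")
    # Origin hop differing from the SPF-checked IP means there is an extra relay to inspect.
    r["ip_mismatch"] = None not in (r["origin_ip"], r["spf_ip"]) and r["origin_ip"] != r["spf_ip"]
    return r

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_EML).items():
        print(f"{key:12} {value}")
```

Feeding the lab's .eml file in place of SAMPLE_EML gives the same summary for the real message.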