Packet Capture Analysis

Incident Overview

Scenario: You are a Level 1 SOC Analyst. Several suspicious emails have been forwarded to you from other coworkers. You must obtain details from each email for your team to implement the appropriate rules to prevent colleagues from receiving additional spam/phishing emails.

Task: You have been provided a raw network capture file named phishing_analysis.pcap. Open this file in Wireshark to begin your investigation.

Navigate through Phase 1 and Phase 2 on the left menu to isolate SMTP communication codes and extract the malicious Internet Message Format (IMF) payloads.