EventID : 82
Event Time : Mar, 21, 2021, 12:26 PM
Rule : SOC140 - Phishing Mail Detected - Suspicious Task Scheduler
Level : Security Analyst
SMTP Address : 189.162.189.159
Source Address : aaronluo@cmail.carleton.ca
Destination Address : mark@letsdefend.io
E-mail Subject : COVID19 Vaccine
Device Action : Blocked
VT : https://www.virustotal.com/gui/file/39fb927c32221134a423760c5d1f58bca4cbbcc87c891c79e390a22b63608eb4/detection
Playbook
Step 1)
Before starting the analysis, information about the incoming email should be obtained.