phishing_attack.json
{
"name": "PhishingAttack",
"display_name": "Phishing Attack",
"description": "A case template for handling phishing attack incidents",
"author": "DFIR-IRIS",
"title_prefix": "[PHISHING]",
"summary": "Investigation and mitigation of a phishing attack",
"classification": "fraud:phishing",
"tags": [
"phishing",
"email"
],
"tasks": [
{
"title": "Verify phishing email",
"description": "Confirm the email is indeed a phishing attempt",
"tags": [
"email",
"verification"
]
},
{
"title": "Analyze phishing email",
"description": "Analyze the email headers, content, and any attachments for IOCs",
"tags": [
"analysis",
"IOCs"
]
},
{
"title": "Block sender",
"description": "Block the sender's email address to prevent further attempts",
"tags": [
"email",
"blocking"
]
},
{
"title": "Notify affected users",
"description": "Notify affected users about the phishing attack and provide guidance",
"tags": [
"communication",
"awareness"
]
},
{
"title": "Update security awareness training",
"description": "Update security awareness training materials to cover this type of phishing attempt if it was previously unknown",
"tags": [
"training",
"prevention"
]
}
],
"note_groups": [
{
"title": "Phishing email details",
"notes": [
{
"title": "Phishing email header",
"content": "Details of the email header"
},
{
"title": "Phishing email content",
"content": "Summary of the email content"
}
]
}
]
}