Writing a Parser to Detect SPF Fields in Email Messages
Tags
| attack-pattern: | Data Domains - T1583.001 Domains - T1584.001 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 7cdf8b29-1b23-4ca4-9c29-72829162caf5 |
| Fingerprint | 3f78207d54a28eb4 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | April 27, 2016, 1:31 p.m. |
| Added to db | Jan. 18, 2023, 9:22 p.m. |
| Last updated | Nov. 17, 2024, 6:32 p.m. |
| Headline | NetWitness Community |
| Title | Writing a Parser to Detect SPF Fields in Email Messages |
| Detected Hints/Tags/Attributes | 26/1/17 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | infra1.csuk.eu.rsa.net |
|
| Details | Domain | 4 | www.acme.com |
|
| Details | Domain | 10 | rsa.com |
|
| Details | Domain | 1 | infra1.esc.ai |
|
| Details | Domain | 150 | www.w3.org |
|
| Details | Domain | 1 | mx.messagelabs.com |
|
| Details | 1 | envelope-from=david.waugh@waugh.local |
||
| Details | 1 | david.waugh2@rsa.com |
||
| Details | 1 | 0bd101d1a07e$0e479230$2ad6b690$@waugh.local |
||
| Details | File | 1 | infra1.cs |
|
| Details | File | 1 | esc.ai |
|
| Details | File | 1 | parsers.xsd |
|
| Details | IPv4 | 1 | 192.168.123.250 |
|
| Details | IPv4 | 1 | 152.62.229.74 |
|
| Details | Threat Actor Identifier - APT | 297 | APT27 |
|
| Details | Url | 1 | http://www.acme.com/software/spfmilter |
|
| Details | Url | 50 | http://www.w3.org/2001/xmlschema-instance |