Interview question at Zeta

* Datetime
* ProgramName
* QueueID
* Phishing Classification
* ClientIP
* mFrom
* bodyFrom
* rcpt
* messageId

```
Mar 9 00:21:26 prod-use1-smtp-out1001 titanmilterout[31057]: D8F9960015: DifferentFrom:[Phishing] clientIP:=177.66.14.160, mFrom:=avauea@c066561fcc9cc38adde745462eb14f4fb955a3aa.com.br, bodyFrom:=suporteava@5c7f0de0e4f7ca80da4ccde9f0c44e2fc4e1a500.edu.br, rcpt:=[llnb.med20@5c7f0de0e4f7ca80da4ccde9f0c44e2fc4e1a500.edu.br], messageId:=<6227f303ed4f34.19719255@1de6ff50d80aac0f956afdfd2a9d96da35df224b.uea.edu.br>
Mar 1 14:33:49 prod-use1-smtp-out1001 titanmilterout[31057]: A945860023: DifferentFrom:[NoPhishing] clientIP:=3.230.178.173, mFrom:=robert@dd1a0cacd45ed9374069bcc9b63662936872c0e1.com, bodyFrom:=robert1234@fa226057d856a997f6a8e28c412f5e8f2062f5c9.com, rcpt:=[april@dd1a0cacd45ed9374069bcc9b63662936872c0e1.com], messageId:=<71626579753239552.5330@2fa56e2ec82ed45c523eafa6d1ac83285b61bade.flock.com>
```

# Question 1

From the logs print total number of phishing cases

Hint: Pattern to look for: DifferentFrom: [Phishing]

Example output: format - ` `

Example output in triple quotes

```
7881 DifferentFrom:[Phishing]
```

# Question 2

From the logs print number of phishing and non phishing cases

Hint: Pattern to look for: DifferentFrom: [Phishing], DifferentFrom: [NoPhishing]

Example output: format - ` `

Example output in triple quotes

```
7881 DifferentFrom:[Phishing]
109 DifferentFrom:[NoPhishing]
```

# Question 3

Print the statistics for top 10 IP address used for phishing

Example output: format - ` `

Example output in triple quotes

```
2409 clientIP:=177.66.14.160,
1404 clientIP:=54.85.70.166,
346 clientIP:=158.69.26.67,
253 clientIP:=46.4.69.115,
207 clientIP:=3.230.178.173,
202 clientIP:=201.184.81.34,
164 clientIP:=3.95.73.217,
160 clientIP:=81.16.29.131,
160 clientIP:=220.233.43.99,
144 clientIP:=69.77.162.55,
```

# Question 4

From the logs print top 10 number of entries where email sent is of Phishing type ordered by IP, mFrom

Example output: format - ` `

Example output in triple quotes

```
2409 177.66.14.160 avauea@c066561fcc9cc38adde745462eb14f4fb955a3aa.com.br,
470 54.85.70.166 reportspam2@d9aef875abf14bcd44a08b684e73b2e32b2ed8b6.com,
469 54.85.70.166 reportspam@d9aef875abf14bcd44a08b684e73b2e32b2ed8b6.com,
465 54.85.70.166 reportspam3@d9aef875abf14bcd44a08b684e73b2e32b2ed8b6.com,
346 158.69.26.67 pemasaran@b4768231b2892bce279a089b799c7b0c1f6b30c4.com,
250 46.4.69.115 learningabilities@0dc61fba4b75965b0596dbe9d64cc9516b720ac4.gr,
207 201.184.81.34 scanner@b3cbc1eb493b8c28fcdc2abcc74efe89d3e34f97.com,
164 81.16.29.131 intencje@748aa075cb92ddda55941b84adf2a04ad050dc23.augustianki.pl,
160 220.233.43.99 netflix201@214d5ae29db49303980b10a69631ea28dc65b93e.online,
119 173.254.24.17 info@9bafbb44f8000fbd5232e9dd567c71028740c872.ae,
```

# Question 5

From the logs print the top 10 domains involved in phishing. Domain should be taken from mFrom field

Example output format: ` `

```
2409 c066561fcc9cc38adde745462eb14f4fb955a3aa.com.br
1404 d9aef875abf14bcd44a08b684e73b2e32b2ed8b6.com
368 b3cbc1eb493b8c28fcdc2abcc74efe89d3e34f97.com
346 b4768231b2892bce279a089b799c7b0c1f6b30c4.com
250 0dc61fba4b75965b0596dbe9d64cc9516b720ac4.gr
164 748aa075cb92ddda55941b84adf2a04ad050dc23.augustianki.pl
160 214d5ae29db49303980b10a69631ea28dc65b93e.online
153 52af64f5d234a532128455198e1050d7cd176914.com.br
144 b41b40f62ce67bd1ad472580c5b7689bb0a4fa8d.com
119 9bafbb44f8000fbd5232e9dd567c71028740c872.ae
```

# Question 6

From the logs print the top 10 mFrom, bodyFrom combination involved in phishing

Example output format: ` `

```
307 pemasaran@b4768231b2892bce279a089b799c7b0c1f6b30c4.com, taianh91346@f0a8ca50ac33e6787f4a4355d3a5ff97a0985926.com,
250 learningabilities@0dc61fba4b75965b0596dbe9d64cc9516b720ac4.gr, learningabilitiesmp@f0a8ca50ac33e6787f4a4355d3a5ff97a0985926.com,
245 avauea@c066561fcc9cc38adde745462eb14f4fb955a3aa.com.br, lnreis@5c7f0de0e4f7ca80da4ccde9f0c44e2fc4e1a500.edu.br,
192 scanner@b3cbc1eb493b8c28fcdc2abcc74efe89d3e34f97.com, info@7e81ee2d86b42de06b2cc96a4af9631037615f8d.com,
176 avauea@c066561fcc9cc38adde745462eb14f4fb955a3aa.com.br, wdsv.med19@5c7f0de0e4f7ca80da4ccde9f0c44e2fc4e1a500.edu.br,
157 avauea@c066561fcc9cc38adde745462eb14f4fb955a3aa.com.br, tsfeitoza@5c7f0de0e4f7ca80da4ccde9f0c44e2fc4e1a500.edu.br,
148 intencje@748aa075cb92ddda55941b84adf2a04ad050dc23.augustianki.pl, ogrod@addd7de4ef6e6928e4025108b2c79e705d94cf56.pl,
144 netflix201@214d5ae29db49303980b10a69631ea28dc65b93e.online, taianh91346@f0a8ca50ac33e6787f4a4355d3a5ff97a0985926.com,
128 avauea@c066561fcc9cc38adde745462eb14f4fb955a3aa.com.br, jsdsilva@5c7f0de0e4f7ca80da4ccde9f0c44e2fc4e1a500.edu.br,
106 avauea@c066561fcc9cc38adde745462eb14f4fb955a3aa.com.br, wdsantos@5c7f0de0e4f7ca80da4ccde9f0c44e2fc4e1a500.edu.br,
```
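
One way to answer the six questions with standard shell tools, added here as an example and not part of the original post or the interviewer's solution. The function names and the sample log are assumptions (the log lines are constructed, with example domains and documentation-range IPs), and the output prints bare values without the `clientIP:=` prefix or trailing commas.

```shell
#!/usr/bin/env bash
# Constructed sample in the page's log format (example domains and
# documentation-range IPs are made up). Line 1 uses syslog's two-space day padding.
sample_log() { cat <<'EOF'
Mar  9 00:21:26 host1 titanmilterout[31057]: AA01: DifferentFrom:[Phishing] clientIP:=192.0.2.10, mFrom:=a@bad.example, bodyFrom:=help@uni.example, rcpt:=[x@uni.example], messageId:=<1@m.example>
Mar 10 00:21:27 host1 titanmilterout[31057]: AA02: DifferentFrom:[Phishing] clientIP:=192.0.2.10, mFrom:=a@bad.example, bodyFrom:=help@uni.example, rcpt:=[y@uni.example], messageId:=<2@m.example>
Mar 10 00:22:01 host1 titanmilterout[31057]: AA03: DifferentFrom:[Phishing] clientIP:=198.51.100.7, mFrom:=b@bad.example, bodyFrom:=it@uni.example, rcpt:=[z@uni.example], messageId:=<3@m.example>
Mar 10 00:23:40 host1 titanmilterout[31057]: AA04: DifferentFrom:[NoPhishing] clientIP:=192.0.2.10, mFrom:=bob@corp.example, bodyFrom:=bob2@other.example, rcpt:=[amy@corp.example], messageId:=<4@m.example>
Mar 11 09:00:00 host1 titanmilterout[31057]: AA05: DifferentFrom:[Phishing] clientIP:=203.0.113.5, mFrom:=c@worse.example, bodyFrom:=c@shop.example, rcpt:=[w@uni.example], messageId:=<5@m.example>
EOF
}

# stdin: one value per line -> "<count> <value>", highest count first, N rows.
top_n() { sort | uniq -c | sort -k1,1nr -k2 | head -n "$1" | awk '{$1=$1; print}'; }

# Print the values of the named keys for [Phishing] lines only. Matching the
# bracketed tag matters: a bare "Phishing" pattern also hits [NoPhishing].
# Values are found by "key:=" rather than column number, so date padding or a
# missing field cannot shift the result; lines lacking a key are skipped.
phish_fields() {
  file=$1; shift
  grep -F 'DifferentFrom:[Phishing]' "$file" | awk -v keys="$*" '
    BEGIN { n = split(keys, k, " ") }
    { out = ""
      for (i = 1; i <= n; i++) {
        if (!match($0, k[i] ":=[^, ]*")) next
        v = substr($0, RSTART + length(k[i]) + 2, RLENGTH - length(k[i]) - 2)
        out = out (i > 1 ? " " : "") v
      }
      print out }'
}

q1_total()      { grep -cF 'DifferentFrom:[Phishing]' "$1"; }
q2_by_class()   { grep -o 'DifferentFrom:\[[A-Za-z]*]' "$1" | top_n 10; }
q3_top_ips()    { phish_fields "$1" clientIP | top_n 10; }
q4_ip_sender()  { phish_fields "$1" clientIP mFrom | top_n 10; }
q5_domains()    { phish_fields "$1" mFrom | sed 's/.*@//' | top_n 10; }
q6_from_pairs() { phish_fields "$1" mFrom bodyFrom | top_n 10; }

# Demo on the constructed sample.
log=$(mktemp); sample_log > "$log"
q2_by_class "$log"; q4_ip_sender "$log"; q5_domains "$log"
rm -f "$log"
```

In the sample, 192.0.2.10 appears on three lines but only two are `[Phishing]`, which is the count `q3_top_ips` reports.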