The next step when interacting with a phishing domain is to isolate the campaign (e.g: download the zip file the attacker is utilizing). This document will go through a few things in order to assist with isolating the campaign files as well as some Linux tools that the analyst can utilize to automate discovery of additional IOC's instead of weeding through code.

Register to read more …