Email Investigation

Scenario

In this exercise, you have been given a compromised device. During your investigation, you have isolated an email address as the source of the compromise. You are tasked with investigating the email address to gain more information about the threat actor.

Objectives

Objective 1: What have you determined about this email address?

Objective 2: Is there any threat actor associated with the email address?

Objective 3: What have to discovered about this threat actor?

Searches

First search: Perform a search for the macie.dietrich50@mail.com.
https://community.riskiq.com/search/whois/email/macie.dietrich50@mail.com

Post-investigation Reads

Indictment of threat actor:
https://www.justice.gov/opa/page/file/1098481/download

https://www.bellingcat.com/news/uk-and-europe/2018/09/20/skripal-suspects-confirmed-gru-operatives-prior-european-operations-disclosed/