shinuraveendran/Advanced-Phishing-Email-Investigation-and-Threat-Intelligence-Framework

GitHub: shinuraveendran/Advanced-Phishing-Email-Investigation-and-Threat-Intelligence-Framework

Stars: 0 | Forks: 0

# Advanced Phishing Email Investigation and Threat Intelligence Framework

## Overview

This project is a Python-based phishing email investigation and threat intelligence framework designed to simulate a real-world SOC (Security Operations Center) phishing analysis workflow. The tool automates the investigation process by parsing real `.eml` phishing emails, analyzing email headers, extracting Indicators of Compromise (IOCs), enriching threat data using the VirusTotal API, mapping attacks to MITRE ATT&CK techniques, and generating investigation reports.

The primary goal of this project is to demonstrate practical blue-team investigation skills, threat intelligence integration, and phishing detection methodology.

## Features

- Real `.eml` phishing email parsing
- SPF, DKIM, and DMARC validation checks
- Suspicious Reply-To detection
- IOC extraction
  - URLs
  - Domains
  - IP addresses
- SHA256 hash generation
- VirusTotal threat intelligence integration
- MITRE ATT&CK mapping
- Automated risk scoring engine
- TXT investigation report generation
- JSON IOC report generation
- Modular Python architecture

## SOC Investigation Workflow

```
Phishing Email
      ↓
EML Parsing
      ↓
Header Analysis
      ↓
IOC Extraction
      ↓
VirusTotal Threat Intelligence
      ↓
MITRE ATT&CK Mapping
      ↓
Risk Scoring
      ↓
TXT + JSON Report Generation
```
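The following is an added, self-contained illustration of the workflow above (EML parsing, header analysis, Reply-To check, IOC extraction, hashing, ATT&CK mapping, risk scoring, JSON report). It is not the project's own code: the sample message is constructed, the scoring weights and risk thresholds are assumptions chosen for the example, the SPF/DKIM/DMARC verdicts are read from an existing `Authentication-Results` header rather than re-verified, and the VirusTotal enrichment step is omitted because it needs network access and an API key.

```python
import hashlib
import ipaddress
import json
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample lure (not a real email). 203.0.113.0/24 is a documentation range.
SAMPLE_EML = b"""From: "IT Support" <helpdesk@example-corp.com>
Reply-To: attacker@mail.example.net
To: user@example-corp.com
Subject: Password expires today
Authentication-Results: mx.example-corp.com; spf=fail smtp.mailfrom=example-corp.com; dkim=none; dmarc=fail
Content-Type: text/plain; charset="utf-8"

Your password expires today. Reset it now: http://login.example-corp.verify.example.net/reset
Backup link: http://203.0.113.45/reset
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.IGNORECASE)


def parse_auth_results(msg):
    """Read spf/dkim/dmarc verdicts recorded by the receiving MTA, e.g. {'spf': 'fail'}."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for mech, verdict in AUTH_RE.findall(str(value)):
            results[mech.lower()] = verdict.lower()
    return results


def reply_to_mismatch(msg):
    """True when the Reply-To domain differs from the From domain (replies are diverted)."""
    from_addr = parseaddr(str(msg.get("From", "")))[1]
    reply_addr = parseaddr(str(msg.get("Reply-To", "")))[1]
    if "@" not in from_addr or "@" not in reply_addr:
        return False
    return from_addr.rsplit("@", 1)[1].lower() != reply_addr.rsplit("@", 1)[1].lower()


def extract_iocs(msg):
    """Pull URLs from the text body and split their hosts into domains and bare IPs."""
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    urls = sorted(set(URL_RE.findall(text)))
    domains, ips = set(), set()
    for url in urls:
        host = urlparse(url).hostname
        if not host:
            continue
        try:
            ipaddress.ip_address(host)
            ips.add(host)
        except ValueError:
            domains.add(host)
    return {"urls": urls, "domains": sorted(domains), "ips": sorted(ips)}


def investigate(raw_bytes):
    """Run the pipeline over raw .eml bytes and return a JSON-serialisable result."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    auth = parse_auth_results(msg)
    iocs = extract_iocs(msg)
    mismatch = reply_to_mismatch(msg)

    # Assumed scoring weights (example values, not the project's engine).
    score, reasons = 0, []
    if auth.get("spf") == "fail":
        score += 2; reasons.append("SPF fail")
    if auth.get("dkim") in ("fail", "none"):
        score += 1; reasons.append("DKIM %s" % auth["dkim"])
    if auth.get("dmarc") == "fail":
        score += 2; reasons.append("DMARC fail")
    if mismatch:
        score += 2; reasons.append("Reply-To domain differs from From domain")
    if iocs["ips"]:
        score += 2; reasons.append("URL with bare IP host")
    elif iocs["urls"]:
        score += 1; reasons.append("URL present in body")

    # ATT&CK mapping: T1566.002 Spearphishing Link, T1566.001 Spearphishing Attachment.
    techniques = []
    if iocs["urls"]:
        techniques.append("T1566.002")
    if any(part.get_filename() for part in msg.iter_attachments()):
        techniques.append("T1566.001")

    risk = "high" if score >= 6 else "medium" if score >= 3 else "low"
    return {
        "subject": str(msg.get("Subject", "")),
        "sha256": hashlib.sha256(raw_bytes).hexdigest(),
        "auth": auth,
        "reply_to_mismatch": mismatch,
        "iocs": iocs,
        "techniques": techniques,
        "score": score,
        "risk": risk,
        "reasons": reasons,
    }


def json_report(result):
    """Serialise the investigation result as the JSON IOC report."""
    return json.dumps(result, indent=2)


if __name__ == "__main__":
    print(json_report(investigate(SAMPLE_EML)))
```

Reading `Authentication-Results` trusts the receiving mail server's verdicts; in a production pipeline the header should only be accepted when its authserv-id matches your own MTA, since an attacker can forge the header on inbound mail that never passed through your filtering.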