Mike Goffin edited this page Jun 4, 2014 · 1 revision

CRITs allows you to track any email you wish. Whether you want to track spearphishing or truly malicious emails, it is up to you how you use it. There are several ways to get Emails into CRITs:

  • Field Upload: Enter the email manually, field by field.
  • MSG Upload: Upload an MSG file from Outlook.
  • YAML Upload: Upload an email that has been converted into YAML format.
  • EML Upload: Upload an email that is in EML format.
  • Raw Upload: Paste the raw contents of an email for it to be parsed out automatically.

There are also Services which add emails automatically. The Chopshop service will carve SMTP emails directly out of a PCAP, add them as Emails, and relate them back to the PCAP for you.

We track these fields for Emails:

  • From Address
  • Sender
  • To (in simple format. ex: [email protected])
  • CC (in simple format. ex: [email protected])
  • Date (as the string that came in the Email)
  • ISODate (the Date string converted into a datetime object automatically by CRITs)
  • Subject
  • X-Mailer
  • Reply To
  • Message ID
  • HELO
  • Boundary
  • Originating IP
  • X-Originating IP
  • Raw Header
  • Raw Body

All of these values (with the exception of ISODate) can be modified in-line on the Email Details page. For some of the fields, there is a + next to the value, which is a quick way to add that value as an Indicator in your system.

There is also a JSON View, YAML View, and CybOX View to quickly format the email a certain way if you need to.
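To see where each tracked field comes from in a raw message, here is an added example (not CRITs' own parser) that pulls the fields listed above out of pasted email text using Python's standard library. The dictionary key names, the sample message, and the `(HELO name) (ip)` layout of the Received header are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample message; hosts and addresses use reserved example ranges.
RAW = """\
Received: from mail.example.net (HELO mail.example.net) (192.0.2.10)
\tby mx.example.org with SMTP; Wed, 4 Jun 2014 10:15:00 -0400
From: "Accounts" <billing@example.net>
To: Alice <alice@example.org>, bob@example.org
Date: Wed, 4 Jun 2014 10:14:58 -0400
Subject: Invoice attached
Message-ID: <abc123@example.net>
X-Mailer: ExampleMailer 1.0
X-Originating-IP: [198.51.100.7]
Content-Type: multipart/mixed; boundary="=_sample"

--=_sample

Please see the attached invoice.
--=_sample--
"""

def simple(msg, name):  # bare addresses ("simple format") of one header
    return [addr for _, addr in getaddresses(msg.get_all(name, [])) if addr]

def extract_fields(raw):
    msg = message_from_string(raw)
    parts = (re.split(r"\r?\n\r?\n", raw, maxsplit=1) + [""])[:2]
    # Bottom Received = hop nearest the sender; "(HELO x) (ip)" layout assumed.
    hop = " ".join(msg.get_all("Received", [""])[-1].split())
    helo = re.search(r"\(HELO ([^)\s]+)\)", hop)
    ip = re.search(r"\((\d{1,3}(?:\.\d{1,3}){3})\)", hop)
    try:
        isodate = parsedate_to_datetime(msg["Date"])
    except (TypeError, ValueError):
        isodate = None  # missing or unparseable Date: only the string is kept
    return {
        "from_address": ", ".join(simple(msg, "From")),
        "sender": ", ".join(simple(msg, "Sender")),
        "reply_to": ", ".join(simple(msg, "Reply-To")),
        "to": simple(msg, "To"), "cc": simple(msg, "Cc"),
        "date": msg.get("Date", ""), "isodate": isodate,
        "subject": msg.get("Subject", ""), "x_mailer": msg.get("X-Mailer", ""),
        "message_id": msg.get("Message-ID", ""), "boundary": msg.get_boundary(""),
        "helo": helo.group(1) if helo else "",
        "originating_ip": ip.group(1) if ip else "",
        "x_originating_ip": msg.get("X-Originating-IP", "").strip("[] "),
        "raw_header": parts[0], "raw_body": parts[1],
    }
```

Every header here is supplied by the sending side or a relay, so values such as HELO and X-Originating IP are leads for correlation rather than verified facts.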
