Common Information
Type | Value |
---|---|
Value | Outlook Rules - T1137.005 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may abuse Microsoft Outlook rules to obtain persistence on a compromised system. Outlook rules allow a user to define automated behavior to manage email messages. A benign rule might, for example, automatically move an email to a particular folder in Outlook if it contains specific words from a specific sender. Malicious Outlook rules can be created that can trigger code execution when an adversary sends a specifically crafted email to that user. (Citation: SilentBreak Outlook Rules) Once malicious rules have been added to the user’s mailbox, they will be loaded when Outlook is started. Malicious rules will execute when an adversary sends a specifically crafted email to the user. (Citation: SilentBreak Outlook Rules) |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-09-24 | 0 | Microsoft Outlook Forensic Analysis: A Deep Dive into Email Investigations | ||
Details | Website | 2022-01-23 | 0 | Manage email messages by using rules | ||
Details | Website | 2020-11-23 | 4 | A Fresh Outlook on Mail Based Persistence - MDSec | ||
Details | Website | 2018-12-12 | 2 | Rule your inbox with Microsoft Cloud App Security | ||
Details | Website | 2018-02-25 | 2 | Hexacorn \| Blog How to become the best SOC Analyst E-V-E-R | ||
Details | Website | 2017-10-11 | 20 | GitHub - sensepost/notruler: The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange. | ||
Details | Website | 2017-09-22 | 2 | “Tasking” Office 365 for Cobalt Strike C2 | ||
Details | Website | 2015-12-04 | 17 | Malicious Outlook Rules - NetSPI |