Common Information
| Type | Value |
|---|---|
| Value |
Outlook Home Page - T1137.004 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may abuse Microsoft Outlook's Home Page feature to obtain persistence on a compromised system. Outlook Home Page is a legacy feature used to customize the presentation of Outlook folders. This feature allows for an internal or external URL to be loaded and presented whenever a folder is opened. A malicious HTML page can be crafted that will execute code when loaded by Outlook Home Page.(Citation: SensePost Outlook Home Page) Once malicious home pages have been added to the user’s mailbox, they will be loaded when Outlook is started. Malicious Home Pages will execute when the right Outlook folder is loaded/reloaded.(Citation: SensePost Outlook Home Page) |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-07-29 | 50 | Specula - Turning Outlook Into a C2 With One Registry Change | ||
| Details | Website | 2023-10-23 | 273 | Red Team Tools | ||
| Details | Website | 2021-02-19 | 4 | GitHub - sensepost/ruler: A tool to abuse Exchange services | ||
| Details | Website | 2020-06-18 | 8 | Inside Microsoft 365 Defender: Mapping attack chains from cloud to endpoint - Microsoft Security Blog | ||
| Details | Website | 2019-12-04 | 17 | Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774) | Mandiant | ||
| Details | Website | 2018-12-21 | 72 | OVERRULED: Containing a Potentially Destructive Adversary | Mandiant |