T1137.003 Outlook Forms Mappings

Adversaries may abuse Microsoft Outlook forms to obtain persistence on a compromised system. Outlook forms are used as templates for presentation and functionality in Outlook messages. Custom Outlook forms can be created that will execute code when a specifically crafted email is sent by an adversary utilizing the same custom Outlook form.(Citation: SensePost Outlook Forms)

Once malicious forms have been added to the user’s mailbox, they will be loaded when Outlook is started. Malicious forms will execute when an adversary sends a specifically crafted email to the user.(Citation: SensePost Outlook Forms)

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-06 Least Privilege Protects T1137.003 Outlook Forms
CM-02 Baseline Configuration Protects T1137.003 Outlook Forms
CM-06 Configuration Settings Protects T1137.003 Outlook Forms
SC-18 Mobile Code Protects T1137.003 Outlook Forms
SC-44 Detonation Chambers Protects T1137.003 Outlook Forms
SI-02 Flaw Remediation Protects T1137.003 Outlook Forms
SI-08 Spam Protection Protects T1137.003 Outlook Forms