T1137.005 Outlook Rules Mappings

Adversaries may abuse Microsoft Outlook rules to obtain persistence on a compromised system. Outlook rules allow a user to define automated behavior to manage email messages. A benign rule might, for example, automatically move an email to a particular folder in Outlook if it contains specific words from a specific sender. Malicious Outlook rules can be created that can trigger code execution when an adversary sends a specifically crafted email to that user.(Citation: SilentBreak Outlook Rules)

Once malicious rules have been added to the user’s mailbox, they will be loaded when Outlook is started. Malicious rules will execute when an adversary sends a specifically crafted email to the user.(Citation: SilentBreak Outlook Rules)

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-06 Least Privilege Protects T1137.005 Outlook Rules
CM-02 Baseline Configuration Protects T1137.005 Outlook Rules
CM-06 Configuration Settings Protects T1137.005 Outlook Rules
SC-18 Mobile Code Protects T1137.005 Outlook Rules
SC-44 Detonation Chambers Protects T1137.005 Outlook Rules
SI-02 Flaw Remediation Protects T1137.005 Outlook Rules
SI-08 Spam Protection Protects T1137.005 Outlook Rules