T1566.001 Spearphishing Attachment Mappings

Adversaries may send spearphishing emails with a malicious attachment in an attempt to gain access to victim systems. Spearphishing attachment is a specific variant of spearphishing. Spearphishing attachment is different from other forms of spearphishing in that it employs the use of malware attached to an email. All forms of spearphishing are electronically delivered social engineering targeted at a specific individual, company, or industry. In this scenario, adversaries attach a file to the spearphishing email and usually rely upon User Execution to gain execution. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.

There are many options for the attachment such as Microsoft Office documents, executables, PDFs, or archived files. Upon opening the attachment (and potentially clicking past protections), the adversary's payload exploits a vulnerability or directly executes on the user's system. The text of the spearphishing email usually tries to give a plausible reason why the file should be opened, and may explain how to bypass system protections in order to do so. The email may also contain instructions on how to decrypt an attachment, such as a zip file password, in order to evade email boundary defenses. Adversaries frequently manipulate file extensions and icons in order to make attached executables appear to be document files, or files exploiting one application appear to be a file for a different one.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-04 Information Flow Enforcement Protects T1566.001 Spearphishing Attachment
CA-07 Continuous Monitoring Protects T1566.001 Spearphishing Attachment
CM-02 Baseline Configuration Protects T1566.001 Spearphishing Attachment
CM-06 Configuration Settings Protects T1566.001 Spearphishing Attachment
IA-09 Service Identification and Authentication Protects T1566.001 Spearphishing Attachment
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1566.001 Spearphishing Attachment
SC-44 Detonation Chambers Protects T1566.001 Spearphishing Attachment
SC-07 Boundary Protection Protects T1566.001 Spearphishing Attachment
SI-02 Flaw Remediation Protects T1566.001 Spearphishing Attachment
SI-03 Malicious Code Protection Protects T1566.001 Spearphishing Attachment
SI-04 System Monitoring Protects T1566.001 Spearphishing Attachment
SI-08 Spam Protection Protects T1566.001 Spearphishing Attachment
EOP-AntiSpam-E3 AntiSpam Technique Scores T1566.001 Spearphishing Attachment
EOP-AP-E3 Anti-Phishing Technique Scores T1566.001 Spearphishing Attachment
EOP-Antimalware-E3 Antimalware Technique Scores T1566.001 Spearphishing Attachment
ME-MFA-E3 Multi-factor Authentication Technique Scores T1566.001 Spearphishing Attachment
M365-DEF-ZAP-E3 Zero Hour Auto Purge Technique Scores T1566.001 Spearphishing Attachment
DO365-TT-E5 Threat Tracker Technique Scores T1566.001 Spearphishing Attachment
DO365-TPSR-E3 Threat Protection Status Report Technique Scores T1566.001 Spearphishing Attachment
DO365-TE-E5 Threat Explorer Technique Scores T1566.001 Spearphishing Attachment
DEF-SecScore-E3 Secure Score Technique Scores T1566.001 Spearphishing Attachment
DEF-SA-E3 Safe Attachments Technique Scores T1566.001 Spearphishing Attachment
DEF-SA-E3 Safe Attachments Technique Scores T1566.001 Spearphishing Attachment
DEF-Quarantine-E3 Quarantine Policies Technique Scores T1566.001 Spearphishing Attachment
DO365-PSP-E3 Preset Security Policies Technique Scores T1566.001 Spearphishing Attachment
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1566.001 Spearphishing Attachment
DEF-SIM-E5 ATT&CK Simulation Training Technique Scores T1566.001 Spearphishing Attachment
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1566.001 Spearphishing Attachment
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566.001 Spearphishing Attachment
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566.001 Spearphishing Attachment
DO365-AAP-E5 Advanced Anti-phishing Technique Scores T1566.001 Spearphishing Attachment