← Back to Explore
T1070.008
Clear Mailbox Data
Adversaries may modify mail and mail application data to remove evidence of their activity. Email applications allow users and other programs to export and delete mailbox data via command line tools or use of APIs. Mail application data can be emails, email metadata, or logs generated by the application or operating system, such as export requests. Adversaries may manipulate emails and mailbox data to remove logs, artifacts, and metadata, such as evidence of [Phishing](https://attack.mitre.org...
LinuxmacOSOffice SuiteWindows
8
Detections
2
Sources
2
Threat Actors
BY SOURCE
7splunk_escu1elastic
PROCEDURES (4)
Email Security4 detections
Auto-extracted: 4 detections for email security
Exfiltrat2 detections
Auto-extracted: 2 detections for exfiltrat
General Monitoring1 detections
Auto-extracted: 1 detections for general monitoring
Authentication Monitoring1 detections
Auto-extracted: 1 detections for authentication monitoring
THREAT ACTORS (2)
DETECTIONS (8)
Cisco ASA - User Account Deleted From Local Database
splunk_escu
M365 Exchange MFA Notification Email Deleted or Moved
elasticlow
O365 Email Hard Delete Excessive Volume
splunk_escu
O365 Email Password and Payroll Compromise Behavior
splunk_escu
O365 Email Receive and Hard Delete Takeover Behavior
splunk_escu
O365 Email Send and Hard Delete Exfiltration Behavior
splunk_escu
O365 Email Send and Hard Delete Suspicious Behavior
splunk_escu
O365 Email Send Attachments Excessive Volume
splunk_escu