T1098.002
Additional Email Delegate Permissions
Adversaries may grant additional permission levels to maintain persistent access to an adversary-controlled email account. For example, the `Add-MailboxPermission` [PowerShell](https://attack.mitre.org/techniques/T1059/001) cmdlet, available in on-premises Exchange and in the cloud-based service Office 365, adds permissions to a mailbox.(Citation: Microsoft - Add-MailboxPermission)(Citation: FireEye APT35 2018)(Citation: Crowdstrike Hiding in Plain Sight 2018) In Google Workspace, d...
Windows, Office Suite
8 Detections, 2 Sources, 3 Threat Actors
BY SOURCE
splunk_escu: 6, elastic: 2
PROCEDURES (5)
Email: 3 detections
Auto-extracted: 3 detections for email
Exfiltrat: 2 detections
Auto-extracted: 2 detections for exfiltrat
Network Connection Monitoring: 1 detection
Auto-extracted: 1 detection for network connection monitoring
Azure: 1 detection
Auto-extracted: 1 detection for azure
Exfiltrat: 1 detection
Auto-extracted: 1 detection for exfiltrat
THREAT ACTORS (3)
DETECTIONS (8)
Azure AD FullAccessAsApp Permission Assigned
splunk_escu
M365 Exchange Mailbox High-Risk Permission Delegated
elastic, low
New ActiveSyncAllowedDeviceID Added via PowerShell
elastic, medium
O365 ApplicationImpersonation Role Assigned
splunk_escu
O365 Elevated Mailbox Permission Assigned
splunk_escu
O365 FullAccessAsApp Permission Assigned
splunk_escu
O365 Mailbox Folder Read Permission Assigned
splunk_escu
O365 Mailbox Folder Read Permission Granted
splunk_escu