T1114.003
Email Forwarding Rule
Adversaries may set up email forwarding rules to collect sensitive information. Adversaries may abuse email forwarding rules to monitor the activities of a victim, steal information, and further gain intelligence on the victim or the victim’s organization to use as part of further exploits or operations. (Citation: US-CERT TA18-068A 2018) Furthermore, email forwarding rules can allow adversaries to maintain persistent access to victim's emails even after compromised credentials are reset by admini...
Linux, macOS, Office Suite, Windows
10 Detections
3 Sources
5 Threat Actors
BY SOURCE
splunk_escu: 6, elastic: 3, sigma: 1
PROCEDURES (5)
Office: 3 detections
Auto-extracted: 3 detections for office
Attachment: 2 detections
Auto-extracted: 2 detections for attachment
Exfiltrat: 2 detections
Auto-extracted: 2 detections for exfiltrat
Suspicious: 2 detections
Auto-extracted: 2 detections for suspicious
Exfiltrat: 1 detection
Auto-extracted: 1 detection for exfiltrat
THREAT ACTORS (5)
DETECTIONS (10)
Google Workspace Custom Gmail Route Created or Modified
elastic, medium
M365 Exchange Inbox Forwarding Rule Created
elastic, medium
M365 Exchange Mail Flow Transport Rule Created
elastic, medium
O365 Email New Inbox Rule Created
splunk_escu
O365 Email Suspicious Behavior Alert
splunk_escu
O365 Email Transport Rule Changed
splunk_escu
O365 Mailbox Email Forwarding Enabled
splunk_escu
O365 New Email Forwarding Rule Created
splunk_escu
O365 New Email Forwarding Rule Enabled
splunk_escu
Suspicious Inbox Forwarding Identity Protection
sigma, high