EXPLORE
Sign In
← Back to Explore
T1564.008

Email Hiding Rules

Adversaries may use email rules to hide inbound emails in a compromised user's mailbox. Many email clients allow users to create inbox rules for various email functions, including moving emails to other folders, marking emails as read, or deleting emails. Rules may be created or modified within email clients or through external features such as the <code>New-InboxRule</code> or <code>Set-InboxRule</code> [PowerShell](https://attack.mitre.org/techniques/T1059/001) cmdlets on Windows systems.(Cita...

WindowsLinuxmacOSOffice Suite
4
Detections
2
Sources
2
Threat Actors

BY SOURCE

3splunk_escu1elastic

PROCEDURES (2)

Email Security3 detections

Auto-extracted: 3 detections for email security

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

THREAT ACTORS (2)

FIN4Scattered Spider

DETECTIONS (4)

M365 Exchange Inbox Phishing Evasion Rule Created
elasticmedium
O365 BEC Email Hiding Rule Created
splunk_escu
O365 Email New Inbox Rule Created
splunk_escu
O365 Email Transport Rule Changed
splunk_escu