Vendor: Microsoft
June 14, 2023 · View on GitHub
Product: Windows
Use-Case: Phishing
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 4 | 2 | 2 | 2 | 2 |
| Event Type | Rules | Models |
|---|---|---|
| process-created | T1566.001 - T1566.001 ↳ A-Exec-Outlook-Temp: A suspicious program was executed in the Outlook temp folder on this asset. ↳ Exec-Outlook-Temp: A suspicious program was executed in the Outlook temp folder. | |
| vpn-logout | T1566 - Phishing ↳ EM-FNum-in: Abnormal number of incoming emails ↳ EM-BSum-in: Abnormal size of incoming emails | • EM-BSum-in: Sum of bytes in incoming emails • EM-FNum-in: Count of incoming emails |