Use Case: Phishing

May 13, 2026

Vendor: Accellion

Product | MITRE ATT&CK® TTP | Content
Kiteworks | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models

Vendor: Adobe

Product | MITRE ATT&CK® TTP | Content
Adobe Experience Manager | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Akamai

Product | MITRE ATT&CK® TTP | Content
Akamai SIEM | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Cloud Akamai | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Amazon

Product | MITRE ATT&CK® TTP | Content
AWS CloudWatch | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
AWS Elastic Load Balancer | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
AWS Simple Email Service | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models
AWS WAF | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Amazon S3 | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Apache

Product | MITRE ATT&CK® TTP | Content
Apache | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Armorblox

Product | MITRE ATT&CK® TTP | Content
Armorblox | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models

Vendor: Auth0

Product | MITRE ATT&CK® TTP | Content
Auth0 | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Barracuda

Product | MITRE ATT&CK® TTP | Content
Barracuda Cloudgen Firewall | T1566 - Phishing
  • 2 Rules
  • 2 Models
Barracuda Email Security Gateway | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models

Vendor: BeyondTrust

Product | MITRE ATT&CK® TTP | Content
BeyondTrust | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules

Vendor: Bitglass

Product | MITRE ATT&CK® TTP | Content
Bitglass CASB | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models

Vendor: CatoNetworks

Product | MITRE ATT&CK® TTP | Content
Cato Cloud | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 5 Rules
  • 2 Models

Vendor: Check Point

Product | MITRE ATT&CK® TTP | Content
Check Point Avanan | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models
Check Point Identity Awareness | T1566 - Phishing
  • 2 Rules
  • 2 Models
Check Point NGFW | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 6 Rules
  • 3 Models
Check Point Security Gateway | T1566 - Phishing
  • 2 Rules
  • 2 Models

Vendor: Cisco

Product | MITRE ATT&CK® TTP | Content
Cisco Cloud Security | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Cisco Email Security | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models
Cisco IOS | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules
Cisco Network Security | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.001 - T1566.001
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 6 Rules
  • 2 Models
Cisco Remote Access Security | T1566 - Phishing
  • 2 Rules
  • 2 Models
Cisco Web Security | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Citrix

Product | MITRE ATT&CK® TTP | Content
Citrix Gateway | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.001 - T1566.001
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 6 Rules
  • 2 Models
Citrix Virtual Apps | T1566 - Phishing
  • 2 Rules
  • 2 Models

Vendor: Cloudflare

Product | MITRE ATT&CK® TTP | Content
Cloudflare Insights | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Cloudflare WAF | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: CrowdStrike

Product | MITRE ATT&CK® TTP | Content
Falcon | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules

Vendor: Darktrace

Product | MITRE ATT&CK® TTP | Content
Darktrace | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models

Vendor: Delinea

Product | MITRE ATT&CK® TTP | Content
Centrify Infrastructure Services | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules

Vendor: Dell

Product | MITRE ATT&CK® TTP | Content
Sonicwall | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 5 Rules
  • 2 Models

Vendor: Digital Arts

Product | MITRE ATT&CK® TTP | Content
Digital Arts i-FILTER for Business | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Digital Guardian

Product | MITRE ATT&CK® TTP | Content
Digital Guardian Endpoint Protection | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules
Digital Guardian Network DLP | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1566 - Phishing
T1566.001 - T1566.001
  • 2 Rules
  • 1 Models

Vendor: Dropbox

Product | MITRE ATT&CK® TTP | Content
Dropbox | T1566 - Phishing
  • 2 Rules
  • 2 Models

Vendor: Dtex Systems

Product | MITRE ATT&CK® TTP | Content
DTEX InTERCEPT | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules

Vendor: F5

Product | MITRE ATT&CK® TTP | Content
F5 Access Policy Manager | T1566 - Phishing
  • 2 Rules
  • 2 Models
F5 BIG-IP | T1566 - Phishing
  • 2 Rules
  • 2 Models
F5 Distributed Cloud | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
F5 WebSafe | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Forcepoint

Product | MITRE ATT&CK® TTP | Content
Forcepoint DLP | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models
Forcepoint Email Security | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models
Websense Security Gateway | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Fortinet

Product | MITRE ATT&CK® TTP | Content
FortiClient | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
FortiGate | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 5 Rules
  • 2 Models
FortiSIEM | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models
Fortinet Enterprise Firewall | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Fortinet UTM | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Fortiweb Web Application Firewall | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: FreeBSD

Product | MITRE ATT&CK® TTP | Content
FreeBSD | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules

Vendor: GitHub

Product | MITRE ATT&CK® TTP | Content
GitHub | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules

Vendor: Google

Product | MITRE ATT&CK® TTP | Content
GCP CloudAudit | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Google Cloud Platform | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Google Workspace | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models

Vendor: HP

Product | MITRE ATT&CK® TTP | Content
Aruba Mobility Master | T1566 - Phishing
  • 2 Rules
  • 2 Models

Vendor: HUMAN Security

Product | MITRE ATT&CK® TTP | Content
HUMAN Bot Defender | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: HelpSystems

Product | MITRE ATT&CK® TTP | Content
Powertech Identity and Access Manager | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules

Vendor: Hornet

Product | MITRE ATT&CK® TTP | Content
Hornetsecurity Cloud Email Security Services | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models

Vendor: Huawei

Product | MITRE ATT&CK® TTP | Content
Huawei Unified Security Gateway | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules

Vendor: IBM

Product | MITRE ATT&CK® TTP | Content
Security Access Manager | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: IMSVA

Product | MITRE ATT&CK® TTP | Content
IMSVA | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models

Vendor: Imperva

Product | MITRE ATT&CK® TTP | Content
Imperva Incapsula | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Infoblox

Product | MITRE ATT&CK® TTP | Content
BloxOne DDI | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Island

Product | MITRE ATT&CK® TTP | Content
Island Enterprise Browser | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Ivanti

Product | MITRE ATT&CK® TTP | Content
Ivanti Pulse Secure | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 5 Rules
  • 2 Models

Vendor: Jamf

Product | MITRE ATT&CK® TTP | Content
Jamf Protect | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules

Vendor: Juniper Networks

Product | MITRE ATT&CK® TTP | Content
Junos OS | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules

Vendor: Kasada

Product | MITRE ATT&CK® TTP | Content
Kasada | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Kong

Product | MITRE ATT&CK® TTP | Content
Kong Gateway | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: LanScope

Product | MITRE ATT&CK® TTP | Content
LanScope Cat | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Libraesva

Product | MITRE ATT&CK® TTP | Content
Libraesva Email Security | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models

Vendor: LogRhythm

Product | MITRE ATT&CK® TTP | Content
LogRhythm | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1566 - Phishing
T1566.001 - T1566.001
  • 2 Rules
  • 1 Models

Vendor: McAfee

Product | MITRE ATT&CK® TTP | Content
McAfee Web Gateway | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Menlo Security

Product | MITRE ATT&CK® TTP | Content
Menlo Security | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Microsoft

Product | MITRE ATT&CK® TTP | Content
Active Directory Federation Services | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Azure Monitor | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Azure Monitor - VM Insights | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules
Event Viewer - ADFS | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Event Viewer - Application | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules
Event Viewer - PowerShell | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules
Event Viewer - Security | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.001 - T1566.001
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 4 Rules
Event Viewer - System | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules
Event Viewer - WinNat | T1566 - Phishing
  • 2 Rules
  • 2 Models
M365 Audit Logs | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models
MSSQL | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Microsoft 365 | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 4 Rules
  • 1 Models
Microsoft CAS | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models
Microsoft Defender | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.001 - T1566.001
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 5 Rules
  • 1 Models
Microsoft Exchange | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models
Microsoft IIS | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Microsoft RRAS | T1566 - Phishing
  • 2 Rules
  • 2 Models
Microsoft Sentinel | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules
Microsoft WMI Log | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules
Sysmon | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules

Vendor: Mimecast

Product | MITRE ATT&CK® TTP | Content
Code42 Incydr | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models
Mimecast Secure Email Gateway | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models
Mimecast Targeted Threat Protection - URL | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Netskope

Product | MITRE ATT&CK® TTP | Content
Netskope Security Cloud | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 4 Rules
  • 1 Models
Netskope Webtx | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: NextDLP

Product | MITRE ATT&CK® TTP | Content
Reveal | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Open VPN

Product | MITRE ATT&CK® TTP | Content
Open VPN | T1566 - Phishing
  • 2 Rules
  • 2 Models

Vendor: Oracle

Product | MITRE ATT&CK® TTP | Content
Solaris | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules

Vendor: Palo Alto Networks

Product | MITRE ATT&CK® TTP | Content
GlobalProtect | T1566 - Phishing
  • 2 Rules
  • 2 Models
Palo Alto NGFW | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Prisma Access | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Prisma Cloud | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Ping Identity

Product | MITRE ATT&CK® TTP | Content
ForgeRock | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Ping Access | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Postfix

Product | MITRE ATT&CK® TTP | Content
Postfix | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models

Vendor: Proofpoint

Product | MITRE ATT&CK® TTP | Content
Proofpoint Email Protection | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models
Proofpoint Enterprise Protection | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models
Targeted Attack Platform | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models

Vendor: SIGSCI

Product | MITRE ATT&CK® TTP | Content
SIGSCI | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Salesforce

Product | MITRE ATT&CK® TTP | Content
Salesforce | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 4 Rules
  • 1 Models

Vendor: Sangfor

Product | MITRE ATT&CK® TTP | Content
Sangfor NGAF | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: SecureNet

Product | MITRE ATT&CK® TTP | Content
SecureNet | T1566 - Phishing
  • 2 Rules
  • 2 Models

Vendor: SentinelOne

Product | MITRE ATT&CK® TTP | Content
Singularity Platform | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.001 - T1566.001
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 4 Rules

Vendor: ServiceNow

Product | MITRE ATT&CK® TTP | Content
ServiceNow | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: SkySea

Product | MITRE ATT&CK® TTP | Content
SkySea ClientView | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.001 - T1566.001
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 5 Rules
  • 1 Models

Vendor: Skyhigh Security

Product | MITRE ATT&CK® TTP | Content
Secure Web Gateway | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Skyhigh Security Cloud | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Sophos

Product | MITRE ATT&CK® TTP | Content
Sophos Endpoint Protection | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Sophos UTM | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Sophos XG Firewall | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Sophos XGS Firewall | T1566 - Phishing
  • 2 Rules
  • 2 Models

Vendor: Squid

Product | MITRE ATT&CK® TTP | Content
Squid | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Swift

Product | MITRE ATT&CK® TTP | Content
Swift | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Symantec

Product | MITRE ATT&CK® TTP | Content
Symantec DLP | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models
Symantec Email Security | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models
Symantec Web Security Service | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 4 Rules
  • 1 Models

Vendor: Tessian

Product | MITRE ATT&CK® TTP | Content
Tessian Cloud Email Security | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models

Vendor: Trellix

Product | MITRE ATT&CK® TTP | Content
Trellix Network Security (NX) | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Trend Micro

Product | MITRE ATT&CK® TTP | Content
Deep Security | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules

Vendor: Unix

Product | MITRE ATT&CK® TTP | Content
Auditbeat | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules
Unix | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1566 - Phishing
T1566.001 - T1566.001
  • 2 Rules
  • 1 Models
Unix Auditd | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules
Unix Sendmail | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models

Vendor: VMware

Product | MITRE ATT&CK® TTP | Content
Carbon Black App Control | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules
Carbon Black CES | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules
Carbon Black EDR | T1566 - Phishing
T1566.001 - T1566.001
  • 1 Rules
VMware ESXi | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Watchguard

Product | MITRE ATT&CK® TTP | Content
Watchguard | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules

Vendor: Zeek

Product | MITRE ATT&CK® TTP | Content
Zeek | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 4 Rules
  • 1 Models

Vendor: Zscaler

Product | MITRE ATT&CK® TTP | Content
Zscaler Breach Predictor | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Zscaler Internet Access | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Zscaler Private Access | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 5 Rules
  • 2 Models

Vendor:

Vendor: iBoss

Product | MITRE ATT&CK® TTP | Content
Iboss Cloud | T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules