File tree Expand file tree Collapse file tree 2 files changed +16
-0
lines changed
datasets/attack_techniques/T1114.003/transport_rule_change Expand file tree Collapse file tree 2 files changed +16
-0
lines changed Original file line number Diff line number Diff line change 1+ version https://git-lfs.github.com/spec/v1
2+ oid sha256:1520bac551d6b6d79dc2326e444f7414166d3706fdf6dc2a4ab8c701c317d292
3+ size 3113
Original file line number Diff line number Diff line change 1+ author : Steven Dick
2+ id : 3528c82a-ac25-4d88-b877-7c067f3a3710
3+ date : ' 2025-01-15'
4+ description : ' Sample of events when an Exchange transport rule is created or modified.'
5+ environment : attack_range
6+ dataset :
7+ - https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1114.003/transport_rule_change/transport_rule_change.log
8+ sourcetypes :
9+ - o365:management:activity
10+ references :
11+ - https://attack.mitre.org/techniques/T1114/003/
12+ - https://cardinalops.com/blog/cardinalops-contributes-new-mitre-attck-techniques-related-to-abuse-of-mail-transport-rules/
13+ - https://www.microsoft.com/en-us/security/blog/2022/09/22/malicious-OAuth-applications-used-to-compromise-email-servers-and-spread-spam/
You can’t perform that action at this time.
0 commit comments