Detections
- Home
- - Detections
- -DT040
- ID: DT040
- Created: 01st June 2024
- Updated: 01st June 2024
- Contributor: The ITM Team
Microsoft Exchange Message Trace
Message trace is a feature within Exchange that permits the ability to identify inbound and outbound emails within the organization.
This can be used to see which mailboxes have sent or received emails, the time, the subject line, and recipients.
Sections
ID | Name | Description |
---|---|---|
IF010 | Exfiltration via Email | A subject uses electronic mail to exfiltrate data. |
IF010.001 | Exfiltration via Corporate Email | A subject exfiltrates information using their corporate-issued mailbox, either via software or webmail. They will access the conversation at a later date to retrieve information on a different system. |
IF010.002 | Exfiltration via Personal Email | A subject exfiltrates information using a mailbox they own or have access to, either via software or webmail. They will access the conversation at a later date to retrieve information on a different system. |
PR015.003 | Email Forwarding Rule | The subject creates an email forwarding rule to transport any incoming emails from one mailbox to another. |