Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634)
Adversaries may abuse Microsoft Outlook forms to obtain persistence on a compromised system. Outlook forms are used as templates for presentation and functionality in Outlook messages. Custom Outlook forms can be created that will execute code when a specifically crafted email is sent by an adversary utilizing the same custom Outlook form.(Citation: SensePost Outlook Forms)
Once malicious forms have been added to the user’s mailbox, they will be loaded when Outlook is started. Malicious forms will execute when an adversary sends a specifically crafted email to the user.(Citation: SensePost Outlook Forms)
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) | Attack Pattern | Outlook Forms - T1137.003 (a9e2cea0-c805-4bf8-9e31-f5f0513a3634) | Attack Pattern | 1 |