o365-exchange-techniques

o365-exchange-techniques - Office365/Exchange related techniques by @johnLaTwC and @inversecos

Authors
Authors and/or Contributors
John Lambert
Alexandre Dulaunoy
Lina Lau
Thomas Patzke

AAD - Dump users and groups with Azure AD

Internal MISP references

UUID fab70361-329a-410a-9dc4-831ecd8df39f which can be used as unique global reference for AAD - Dump users and groups with Azure AD in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Recon']

AAD - PowerShell

Internal MISP references

UUID dad1c272-e761-45e8-993d-70433417a45e which can be used as unique global reference for AAD - PowerShell in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Recon']

AAD - Enumerate Domains

Internal MISP references

UUID 926ef557-581d-4117-a095-2571f655a7b4 which can be used as unique global reference for AAD - Enumerate Domains in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Recon']

AAD - Enumerate Users

Internal MISP references

UUID 4f885396-3f4e-451b-ae26-995efd403cf5 which can be used as unique global reference for AAD - Enumerate Users in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Recon']

O365 - Get Global Address List: MailSniper

Internal MISP references

UUID 21833216-1b8a-43a9-b51e-500c67a900a8 which can be used as unique global reference for O365 - Get Global Address List: MailSniper in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Recon']

O365 - Find Open Mailboxes: MailSniper

Internal MISP references

UUID 9e3af2e1-90a6-4d69-ba82-cb0c99401713 which can be used as unique global reference for O365 - Find Open Mailboxes: MailSniper in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Recon']

O365 - User account enumeration with ActiveSync

Internal MISP references

UUID 53361eef-39b0-4c46-a009-0b4e3a0e286a which can be used as unique global reference for O365 - User account enumeration with ActiveSync in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Recon']

End Point - Search host for Azure Credentials: SharpCloud

Internal MISP references

UUID 5c0c2b04-77e5-4f50-a0b8-206d7cc9946a which can be used as unique global reference for End Point - Search host for Azure Credentials: SharpCloud in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Recon']

On-Prem Exchange - Portal Recon

Internal MISP references

UUID 2cd547bf-b093-4dab-b9e5-5172049cbc0d which can be used as unique global reference for On-Prem Exchange - Portal Recon in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Recon']

On-Prem Exchange - Enumerate domain accounts: using Skype4B

Internal MISP references

UUID 651fdde4-09ed-48b7-9620-545d7dcec251 which can be used as unique global reference for On-Prem Exchange - Enumerate domain accounts: using Skype4B in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Recon']

On-Prem Exchange - Enumerate domain accounts: OWA & Exchange

Internal MISP references

UUID 008c46de-4667-4e40-9bea-74e91b6587fd which can be used as unique global reference for On-Prem Exchange - Enumerate domain accounts: OWA & Exchange in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Recon']

On-Prem Exchange - Enumerate domain accounts: FindPeople

Internal MISP references

UUID 435e9319-88ed-4555-be84-a5322dc997a4 which can be used as unique global reference for On-Prem Exchange - Enumerate domain accounts: FindPeople in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Recon']

On-Prem Exchange - OWA version discovery

Internal MISP references

UUID f227caf6-9399-4ac3-bab4-010f66853abb which can be used as unique global reference for On-Prem Exchange - OWA version discovery in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Recon']

Bruteforce via OWA

Internal MISP references

UUID 9bb7b28f-2957-46b4-8814-4126298f4860 which can be used as unique global reference for Bruteforce via OWA in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Initial Access']

Bruteforce EWS

Internal MISP references

UUID 4d0099c5-06e7-40ed-a9a6-2d9f6d8df195 which can be used as unique global reference for Bruteforce EWS in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Initial Access']

Bruteforce OAuth

Internal MISP references

UUID bb7871fe-abc7-4935-b0fd-3cbf66a4ef0c which can be used as unique global reference for Bruteforce OAuth in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Initial Access']

Bruteforce via AAD Sign in Form

Internal MISP references

UUID 0889bb82-ddd8-411d-9288-be8d56a05247 which can be used as unique global reference for Bruteforce via AAD Sign in Form in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Initial Access']

Bruteforce through Autologon API

Internal MISP references

UUID 63727b2f-64d6-4d1b-b017-38a3ede510e1 which can be used as unique global reference for Bruteforce through Autologon API in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Initial Access']

AAD - Password Spray: MailSniper

Internal MISP references

UUID 933ec08d-a6d4-4ced-b732-4cb0331e7799 which can be used as unique global reference for AAD - Password Spray: MailSniper in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Initial Access']

AAD - Password Spray: CredKing

Internal MISP references

UUID 5670ca90-38cd-4825-bd83-1bdb31fd5ea3 which can be used as unique global reference for AAD - Password Spray: CredKing in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Initial Access']

O365 - Bruteforce of Autodiscover: SensePost Ruler

Internal MISP references

UUID d66c1ead-4dd3-4968-b6fe-faf41b7fb88d which can be used as unique global reference for O365 - Bruteforce of Autodiscover: SensePost Ruler in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Initial Access']

O365 - Phishing for credentials

Internal MISP references

UUID eda57f15-029c-4465-9401-f9dafc6d366c which can be used as unique global reference for O365 - Phishing for credentials in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Initial Access']

O365 - Phishing using OAuth app

Internal MISP references

UUID 61589df6-6848-4866-8613-8a4a7478abef which can be used as unique global reference for O365 - Phishing using OAuth app in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Initial Access']

O365 - 2FA MITM Phishing: evilginx2

Internal MISP references

UUID fa1087c8-012d-4ef6-9eb3-5b5a6fb94c02 which can be used as unique global reference for O365 - 2FA MITM Phishing: evilginx2 in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Initial Access']

O365 - MFA Bypass via IMAP/POP

Internal MISP references

UUID 9043a195-2ac8-4732-a049-f8dee3b98d10 which can be used as unique global reference for O365 - MFA Bypass via IMAP/POP in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Initial Access']

Compromising Pass-Through Authentication

Internal MISP references

UUID 00f0bd50-61f2-401a-96e5-81453a86ec33 which can be used as unique global reference for Compromising Pass-Through Authentication in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Initial Access']

Enumerate Users, Admins, Roles and Permissions

Internal MISP references

UUID 25e47935-abd5-49b9-8366-b6fe8021cb38 which can be used as unique global reference for Enumerate Users, Admins, Roles and Permissions in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Recon']

Enumerate MFA Settings

Internal MISP references

UUID fe8ad955-f794-4aa2-b5fb-2e5f241c45e8 which can be used as unique global reference for Enumerate MFA Settings in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Recon']

Golden SAML

Internal MISP references

UUID 4f14c96d-3ffe-42df-9e4c-1e2801e1f1e9 which can be used as unique global reference for Golden SAML in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Initial Access', 'tactics:Persistence']

On-Prem Exchange - Password Spray using Invoke-PasswordSprayOWA, EWS

Internal MISP references

UUID 8ffe80b9-0213-40c6-aeca-8877bdca8741 which can be used as unique global reference for On-Prem Exchange - Password Spray using Invoke-PasswordSprayOWA, EWS in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Initial Access']

On-Prem Exchange - Bruteforce of Autodiscover: SensePost Ruler

Internal MISP references

UUID cf8df948-0332-4ec7-94f3-3f6d54bbcbb9 which can be used as unique global reference for On-Prem Exchange - Bruteforce of Autodiscover: SensePost Ruler in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Initial Access']

Change MFA Settings

Internal MISP references

UUID 985d69e2-b5bd-41ca-b966-c0fed94e8863 which can be used as unique global reference for Change MFA Settings in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Persistence', 'tactics:Actions on Intent']

Change Conditional Access Settings

Internal MISP references

UUID b2719765-02d1-4d60-862a-7cb12498b0bd which can be used as unique global reference for Change Conditional Access Settings in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Persistence']

Malicious App Registrations

Internal MISP references

UUID 3aff26be-f22e-4169-a508-ef2877d67c03 which can be used as unique global reference for Malicious App Registrations in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Initial Access', 'tactics:Persistence']

Add Service Principal or App Credentials

Internal MISP references

UUID fd6b47aa-2bd2-4a17-bfd7-104188ff4adc which can be used as unique global reference for Add Service Principal or App Credentials in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Persistence']

Add Service Principal

Internal MISP references

UUID 5148933b-7c65-4229-a545-0cc8d23c0587 which can be used as unique global reference for Add Service Principal in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Persistence']

Add Federation Trust

Internal MISP references

UUID 26af635c-5441-4465-bc98-8d764762bfd5 which can be used as unique global reference for Add Federation Trust in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Persistence']

O365 - Add Mail forwarding rule

Internal MISP references

UUID 80308e39-11e9-45b2-b6d2-f13f3de509ab which can be used as unique global reference for O365 - Add Mail forwarding rule in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Persistence']

Add Global admin account

Internal MISP references

UUID a9c1f718-b9bf-4efc-9fa1-852b6c93f725 which can be used as unique global reference for Add Global admin account in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Persistence']

Add user account

Internal MISP references

UUID cef7c750-18fb-47b4-8471-b5a8ce4f83d0 which can be used as unique global reference for Add user account in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Persistence']

O365 - Delegate Tenant Admin

Internal MISP references

UUID 2f10dbd7-89e4-4929-8bdc-8ca167f08ace which can be used as unique global reference for O365 - Delegate Tenant Admin in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Persistence']

End Point - Persistence throught Outlook Home Page: SensePost Ruler

Internal MISP references

UUID 708790c8-3e6f-4dd3-8f89-0651ef71dfe0 which can be used as unique global reference for End Point - Persistence throught Outlook Home Page: SensePost Ruler in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Persistence']

End Point - Persistence throught custom Outlook form

Internal MISP references

UUID aadc2552-97db-419c-a414-5c1f862d38ef which can be used as unique global reference for End Point - Persistence throught custom Outlook form in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Persistence']

Mailbox Rule Creation

Internal MISP references

UUID d023f254-466b-436b-acfd-beea54c323b1 which can be used as unique global reference for Mailbox Rule Creation in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Persistence']

Mailbox Folder Permissions

Internal MISP references

UUID 2f11c018-cf49-4361-b17c-573dbab1005f which can be used as unique global reference for Mailbox Folder Permissions in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Persistence']

Mail Flow (Transport Rules)

Internal MISP references

UUID fe3dbf72-3bfe-4387-b9e0-f0a135a8f21b which can be used as unique global reference for Mail Flow (Transport Rules) in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Persistence']

O365 - MailSniper: Search Mailbox for credentials

Internal MISP references

UUID fccf7c5a-7d2c-413b-ae45-d5ab226c8ba8 which can be used as unique global reference for O365 - MailSniper: Search Mailbox for credentials in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Expansion']

O365 - Search for Content with eDiscovery

Internal MISP references

UUID fe65c7ed-7129-4591-a82e-a223b0cdbf14 which can be used as unique global reference for O365 - Search for Content with eDiscovery in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Expansion', 'tactics:Actions on Intent']

O365 - Account Takeover: Add-MailboxPermission

Internal MISP references

UUID 19f22ecb-8470-4f69-a763-46a19afe6c5d which can be used as unique global reference for O365 - Account Takeover: Add-MailboxPermission in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Expansion']

O365 - Pivot to On-Prem host: SensePost Ruler

Internal MISP references

UUID c0010a9d-666e-4cfd-a9b3-21f5861ecdf6 which can be used as unique global reference for O365 - Pivot to On-Prem host: SensePost Ruler in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Expansion']

O365 - Exchange Tasks for C2: MWR

Internal MISP references

UUID 9ada2a83-c632-4c9c-91cd-b1d7b947e44a which can be used as unique global reference for O365 - Exchange Tasks for C2: MWR in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Expansion']

O365 - Send Internal Email

Internal MISP references

UUID 685af033-af7b-4582-a539-5f1f9080fd98 which can be used as unique global reference for O365 - Send Internal Email in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Expansion']

On-Prem Exchange - Search Mailboxes with eDiscovery searches (EXO, Teams, SPO, OD4B, Skype4B)

Internal MISP references

UUID 0f33ff1e-2305-4239-8d30-38edcfe2511a which can be used as unique global reference for On-Prem Exchange - Search Mailboxes with eDiscovery searches (EXO, Teams, SPO, OD4B, Skype4B) in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Expansion']

On-Prem Exchange - Delegation

Internal MISP references

UUID a69da576-7ed2-4b29-8c4a-6c16bd2c2a54 which can be used as unique global reference for On-Prem Exchange - Delegation in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Expansion']

O365 - MailSniper: Search Mailbox for content

Internal MISP references

UUID ae6eb93b-503f-49b5-98db-3f282551facb which can be used as unique global reference for O365 - MailSniper: Search Mailbox for content in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Actions on Intent']

O365 - Exfiltration email using EWS APIs with PowerShell

Internal MISP references

UUID 4d67a417-169c-47d0-a7fa-d710b9e2f611 which can be used as unique global reference for O365 - Exfiltration email using EWS APIs with PowerShell in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Actions on Intent']

Downgrade License

Internal MISP references

UUID 6407e2b8-2266-496f-b8bd-5757d99d20e9 which can be used as unique global reference for Downgrade License in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Actions on Intent']

Impersonate Users

Internal MISP references

UUID d4cec16a-ef8e-4c97-aa6a-1d95cd03e10e which can be used as unique global reference for Impersonate Users in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Actions on Intent']

Assign Administrative Role to Service Principal

Internal MISP references

UUID 1b302149-dccc-4d63-8d4d-47217ba7fc90 which can be used as unique global reference for Assign Administrative Role to Service Principal in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Persistence', 'tactics:Actions on Intent']

Elevate to User Access Administrator Role

Internal MISP references

UUID 8d2b6b21-5d20-4ecd-9be0-c71c826cf8a4 which can be used as unique global reference for Elevate to User Access Administrator Role in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Actions on Intent']

eDiscovery Abuse

Internal MISP references

UUID 48592f6a-76cc-4986-b434-1d3342fb30bc which can be used as unique global reference for eDiscovery Abuse in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Actions on Intent']

O365 - Download documents, messages and email

Internal MISP references

UUID 1ccc00f8-d4b5-4c72-a7c0-a53127497a7c which can be used as unique global reference for O365 - Download documents, messages and email in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
kill_chain ['tactics:Actions on Intent']