Hide Navigation Hide TOC

Suspicious Inbox Forwarding Identity Protection (27e4f1d6-ae72-4ea0-8a67-77a73a289c3d)

Indicates suspicious rules such as an inbox rule that forwards a copy of all emails to an external address

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Suspicious Inbox Forwarding Identity Protection (27e4f1d6-ae72-4ea0-8a67-77a73a289c3d)	Sigma-Rules	1