Access To Windows Outlook Mail Files By Uncommon Application (fc3e237f-2fef-406c-b90d-b3ae7e02fa8f)

Detects file access requests to Windows Outlook Mail files by uncommon processes, which could indicate an attempt at credential stealing. Requires heavy baselining before use.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) | Attack Pattern | Access To Windows Outlook Mail Files By Uncommon Application (fc3e237f-2fef-406c-b90d-b3ae7e02fa8f) | Sigma-Rules | 1 |
| Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) | Attack Pattern | Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | 2 |