Rule Info
Name
Access To Windows Outlook Mail Files By Uncommon Application
Author
frack113
Description
Detects file access requests to Windows Outlook Mail files by uncommon processes.
This could indicate an attempt at credential stealing.
Requires heavy baselining before use.
Date
2024-05-10 00:00:00
Modified
None
Id
fc3e237f-2fef-406c-b90d-b3ae7e02fa8f
Tags
attack.t1070.008 attack.defense_evasion DEMO
Type
Community Rule
Rule History
Author | Title | Date | Commit
frack113 | Merge PR #4838 from @frack113 - Add `Access To Windows Outlook Mail Files By Uncommon Application` | 2024-05-10 |
Nasreddine Bencherchali | Merge PR #4577 from @nasbench - Multiple Fixes & Updates | 2023-12-21 |