Access To Windows Outlook Mail Files By Uncommon Application

Rule Info

Name
Access To Windows Outlook Mail Files By Uncommon Application
Author
frack113
Description
Detects file access requests to Windows Outlook Mail by uncommon processes. Could indicate potential attempt of credential stealing. Requires heavy baselining before usage
Date
2024-05-10 00:00:00
Modified
None
Id
fc3e237f-2fef-406c-b90d-b3ae7e02fa8f
Tags
attack.t1070.008 attack.defense_evasion DEMO
Type
Community Rule

Rule History

Author
Title
Date
Commit
frack113
Merge PR #4838 from @frack113 - Add `Access To Windows Outlook Mail Files By Uncommon Application`
2024-05-10
Nasreddine Bencherchali
Merge PR #4577 from @nasbench - Multiple Fixes & Updates
2023-12-21
Wagga
Merge PR #4524 from @wagga40 - Fix Typos In Metadata Fields
2023-10-28
frack113
Merge PR #4398 from @nasbench & @frack113 - Update File Access Rules
2023-09-15
Nasreddine Bencherchali
feat: new rules, updates and fp fixes (#4136)
2023-04-03
Nasreddine Bencherchali
feat: updates and fixes
2023-02-17
frack113
Add logsource definition
2022-10-25
frack113
Move file category rules
2022-10-13
Nasreddine Bencherchali
Fix FP In Testing
2022-10-07
frack113
System FP
2022-07-27
phantinuss
fix: FPs found in testing
2022-07-05
Florian Roth
refactor: remove now unnecessary filters
2022-06-30
Paul Hager
fix: FP fix
2022-06-30
Florian Roth
fix: FPs
2022-06-29
Florian Roth
fix: FPs with Browser Credential Store Access
2022-06-18