We have a blog! Check out MITRE Shield on Medium.

Email Manipulation

Modify the flow or contents of email.

Email flow manipulation includes changing which mail appliances process mail flows, to which systems they forward mail, or moving mail after it arrives in an inbox. Email content manipulation includes altering the contents of an email message.

Details
ID: DTE0019
Tactics:  Collect Detect Disrupt

Opportunities

IDDescription
DOS0017 A phishing email can be detected and blocked from arriving at the intended recipient.

Use Cases

IDDescription
DUC0015 A defender can intercept emails that are detected as suspicious or malicious by email detection tools and prevent deliver to the intended target.

Procedures

IDDescription
DPR0036 Modify the destination of inbound email to facilitate the collection of inbound spearphishing messages.
DPR0064 Modify the contents of an email message to maintain continuity when it is used for adversary engagement purposes.

ATT&CK® Techniques

IDNameATT&CK Tactics
T1566 Phishing Initial Access